GHSA-xrh7-2gfq-4rcq: openCart Server-Side Template Injection (SSTI) vulnerability

GHSA-x37x-qf4v-f54f: Roundup Cross-site Scripting Vulnerability

GHSA-w8vc-cwv9-wx67: Roundup Cross-site Scripting Vulnerability

GHSA-xjgw-ghrx-wfff: Roundup Cross-site Scripting Vulnerability

GHSA-c3q9-c27p-cw9h: projectdiscovery/nuclei allows unsigned code template execution through workflows

An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response.

**gradio Server-Side Request Forgery vulnerability**

Moderate severity GitHub Reviewed Published Apr 16, 2024 to the GitHub Advisory Database • Updated Apr 16, 2024

Headline

GHSA-qh6x-j82h-vpf9: gradio Server-Side Request Forgery vulnerability

ghsa: Latest News