GHSA-x7m9-mv49-fv73: Vaultwarden vulnerable to user impersonation

GHSA-vprm-27pv-jp3w: Vaultwarden authenticated reflected cross-site scripting (XSS) vulnerability

GHSA-g5x8-v2ch-gj2g: Vaultwarden HTML injection vulnerability

GHSA-5xh2-23cc-5jc6: Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution

GHSA-675f-rq2r-jw82: JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

femanager fails to check access permissions for the invitation component. Depending on the configuration of the plugin, a remote user can create frontend user accounts with access to configured frontend groups.

**TYPO3 extension femanager Broken Access Control vulnerability**

Moderate severity GitHub Reviewed Published Oct 4, 2023 to the GitHub Advisory Database • Updated Oct 4, 2023

Headline

GHSA-93j4-v838-8767: TYPO3 extension femanager Broken Access Control vulnerability

ghsa: Latest News