GHSA-hxf5-99xg-86hw: cap-std doesn't fully sandbox all the Windows device filenames

GHSA-c2f5-jxjv-2hh8: Wasmtime doesn't fully sandbox all the Windows device filenames

GHSA-4cf2-cxp3-rjr7: HAPI FHIR XML External Entity (XXE) vulnerability

GHSA-v2qh-f584-6hj8: @workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled

GHSA-5wmg-9cvh-qw25: @workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled

Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file.  Phpsysinfo 3.4.3 disables the functionality by default but the users may enable the vulnerable functionality.

**Phpsysinfo Cross Site Request Forgery (CSRF) vulnerability**

Moderate severity GitHub Reviewed Published Dec 19, 2023 to the GitHub Advisory Database • Updated Dec 19, 2023

Headline

GHSA-67gv-xrw7-p72w: Phpsysinfo Cross Site Request Forgery (CSRF) vulnerability

ghsa: Latest News