Security
Headlines

Headlines Latest CVEs

Headline

GHSA-3p9x-xxx6-2w4p: Broken Access Control in 3rd party TYPO3 extension "femanager"

A missing access check in the InvitationController allows an unauthenticated user to delete all frontend users.

1 year ago

Broken Access Control in 3rd party TYPO3 extension “femanager”

High severity GitHub Reviewed Published Feb 2, 2023 to the GitHub Advisory Database • Updated Feb 8, 2023

Related news

CVE-2023-25014: Broken Access Control in extension "femanager" (femanager)

An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users.

1 year ago

#vulnerability #web #auth

ghsa: Latest News

GHSA-2rmj-mq67-h97g: Spring Framework DoS via conditional HTTP request

14 hours ago

GHSA-gcx4-mw62-g8wm: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS

1 day ago

GHSA-8fx8-3rg2-79xw: Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)

1 day ago

GHSA-3hp8-6j24-m5gm: Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)

1 day ago

GHSA-2wq5-g96f-mv3v: Ouch! allows a segmentation fault due to use of uninitialized memory

1 day ago