GHSA-3m86-c9x3-vwm9: Graylog vulnerable to privilege escalation through API tokens

GHSA-3q26-f695-pp76: @cyanheads/git-mcp-server vulnerable to command injection in several tools

GHSA-6r2x-8pq8-9489: Electron vulnerable to Heap Buffer Overflow in NativeImage

GHSA-v8fr-vxmw-6mf6: Mattermost Incorrect Authorization vulnerability

GHSA-wgvp-jj4w-88hf: Mattermost Incorrect Authorization vulnerability

Image files uploaded in froxlor/froxlor prior to 2.0.14 were not properly validated which could result in remote code execution via path manipulation.

**froxlor/froxlor vulnerable to Unrestricted Upload of File with Dangerous Type**

Critical severity GitHub Reviewed Published Apr 14, 2023 to the GitHub Advisory Database • Updated Apr 17, 2023

Headline

GHSA-qwvp-g9j7-28f6: froxlor/froxlor vulnerable to Unrestricted Upload of File with Dangerous Type

Related news

ghsa: Latest News