GHSA-vh5j-5fhq-9xwg: Taylor has race condition in /get-patch that allows purchase token replay

GHSA-v9w6-9hq9-33ch: HKUDS LightRAG allows Path Traversal via function upload_to_input_dir

GHSA-jfj7-249r-7j2m: TabberNeue vulnerable to Stored XSS through wikitext

GHSA-m435-9v6r-v5f6: MobSF vulnerability allows SSRF due to the allow_redirects=True parameter

GHSA-fv92-fjc5-jj9h: mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data

An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment.

**Economizzer Insecure Direct Object Reference vulnerability**

Moderate severity GitHub Reviewed Published Sep 28, 2023 to the GitHub Advisory Database • Updated Sep 28, 2023

Headline

GHSA-896v-ph5w-379h: Economizzer Insecure Direct Object Reference vulnerability

ghsa: Latest News