Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-34652: Common-Vulnerabilities-and-Exposures/CVE-2023-34652 at main · ckalnarayan/Common-Vulnerabilities-and-Exposures

PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course.

CVE
#xss#vulnerability#java#php#auth
CVE-2023-21518: Samsung Mobile Security

Improper access control vulnerability in SearchWidget prior to version 3.3 in China models allows untrusted applications to start arbitrary activity.

CVE-2023-21517: Samsung Mobile Security

Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code.

CVE-2023-2232: ReDoS in Jira prefix (#408352) · Issues · GitLab.org / GitLab · GitLab

An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix

CVE-2022-4143: 2022/CVE-2022-4143.json · master · GitLab.org / cves · GitLab

An issue has been discovered in GitLab affecting all versions starting from 15.7 before 15.8.5, from 15.9 before 15.9.4, and from 15.10 before 15.10.1 that allows for crafted, unapproved MRs to be introduced and merged without authorization

CVE-2023-3439: mctp: defer the kfree of object mdev->addrs · torvalds/linux@b561275

A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. However, a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object, potentially leading to a denial of service.

CVE-2021-25827: Incorrect Access Control - Don't require a password on the local network (CVE-2021-25827) · Issue #3784 · MediaBrowser/Emby

Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For header to a local IP-address.

CVE-2021-25828: Reflected Cross-Site Scripting (XSS) (CVE-2021-25828) · Issue #3785 · MediaBrowser/Emby

Emby Server versions < 4.6.0.50 is vulnerable to Cross Site Scripting (XSS) vulnerability via a crafted GET request to /web.