Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-0985
https://bugzilla.redhat…
A cross-site scripting (XSS) vulnerability exists in the “contact us” plugin for Subrion CMS <= 4.2.1 version via “List of subjects”.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-41948
https://github.com/intelliants/subrion-plugin-contact_u…
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.
References
https://nvd.nist.gov/vuln/detail/CVE-…
Podman is a tool for managing OCI containers and pods. A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerabili…
This affects the package @yaireo/tagify before 4.9.8. The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the cross-site scripting (XSS) payload.
Referenc…
Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-29947
https://github.com/woodpecker-ci/woodpecker/pull/879
https://github.com/wo…
Object state limitation is a policy you can use in your roles to limit access to content based on specific object state values. Due to a flawed earlier update, these limitations were ineffective in releases made since February 16th 2022. They would gra…
Object state limitation is a policy you can use in your roles to limit access to content based on specific object state values. Due to a flawed earlier update, these limitations were ineffective in releases made since February 16th 2022. They would gra…
Object state limitation is a policy you can use in your roles to limit access to content based on specific object state values. Due to a flawed earlier update, these limitations were ineffective in releases made since February 16th 2022. They would gra…
Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in httpx.URL, httpx.Client and some functions using httpx.URL.copy_with.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-41945
https://github.com/encode/httpx/issues/2184
…
