Vulnerabilities

| ID | Packages | Summary | Published | Attributes |
|---|---|---|---|---|
| GHSA-q745-cfqh-hcrw | Packagist/james-heinrich/phpthumb | phpThumb is vulnerable to Command Injection through its gif_outputAsJpeg function | 15 hours ago | No fix available; Severity - 4.9 (Medium) |
| GHSA-7pgw-q3qp-6pgq | Packagist/universal-omega/dynamic-page-list3 | DynamicPageList3 vulnerability exposes hidden/suppressed usernames | yesterday | Fix available; Severity - 8.7 (High) |
| GHSA-j4rj-fgcq-wmqp | Packagist/cockpit-hq/cockpit | Cockpit - Content Platform vulnerable to XSS through name or email argument names | 04 Jul | Fix available; Severity - 5.1 (Medium) |
| GHSA-p85q-mww9-gwqf | Packagist/starcitizentools/short-description | Citizen Short Description stored XSS vulnerability through wikitext | 03 Jul | Fix available; Severity - 8.6 (High) |
| GHSA-p9qc-8jjx-g8cg | Packagist/bolt/bolt | Bolt CMS vulnerable to authenticated remote code execution | 03 Jul | No fix available; Severity - 7.5 (High) |
| GHSA-prmv-7r8c-794g | Packagist/starcitizentools/citizen-skin | Citizen vulnerable to Stored XSS through short descriptions | 03 Jul | Fix available; Severity - 8.6 (High) |
| GHSA-rq6g-6g94-jfr4 | Packagist/starcitizentools/citizen-skin | starcitizentools/citizen-skin is vulnerable to Stored XSS attack in the legacy search bar through page descriptions | 03 Jul | Fix available; Severity - 8.6 (High) |
| GHSA-j64v-xh5w-8hqj | Packagist/microweber/microweber | Microweber CMS API has authenticated local file inclusion vulnerability | 02 Jul | Fix available; Severity - 6.1 (Medium) |
| GHSA-jfj7-249r-7j2m | Packagist/starcitizentools/tabber-neue | TabberNeue vulnerable to Stored XSS through wikitext | 27 Jun | Fix available; Severity - 8.6 (High) |
| GHSA-277f-37gw-9gmq | Packagist/billz/raspap-webgui | raspap-webgui has a Directory Traversal vulnerability | 27 Jun | Fix available; Severity - 7.7 (High) |
| GHSA-mrph-pjv2-34f4 | Packagist/juzaweb/cms | JuzaWeb CMS is vulnerable to Incorrect Privilege Assignment when installing certain components | 27 Jun | No fix available; Severity - 2.1 (Low) |
| GHSA-rq7x-cfmc-rq3w | Packagist/juzaweb/cms | JuzaWeb CMS is vulnerable to Incorrect Privilege Assignment when installing Import Page component | 27 Jun | No fix available; Severity - 2.1 (Low) |
| GHSA-cgvv-3455-824j | Packagist/moodle/moodle | Moodle Session Fixation allows unauthenticated users to hijack sessions via sesskey parameter | 24 Jun | Fix available; Severity - 4.2 (Medium) |
| GHSA-24wv-6c99-f843 | Packagist/pterodactyl/panel | Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution | 19 Jun | Fix available; Severity - 10.0 (Critical) |
| GHSA-x3c7-22c8-prg7 | Packagist/handcraftedinthealps/goodby-csv | handcraftedinthealps/goodby-csv has Potential Gadget Chain allowing Remote Code Execution | 13 Jun | Fix available; Severity - 3.9 (Low) |
| GHSA-9qv6-4pwm-m68f | Packagist/ibexa/fieldtype-richtext | Ibexa RichText Field Type XSS vulnerabilities in back office | 13 Jun | Fix available; Severity - 6.1 (Medium) |