CVE-2022-36089
KubeVela is an application delivery platform. Users using KubeVela’s VelaUX APIServer could be affected by an authentication bypass vulnerability. In KubeVela prior to versions 1.4.11…
GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD prior to 22.2.0 do not adequately restrict permissions…
linked_list_allocator is an allocator usable for no_std systems. Prior to version 0.10.2, the heap initialization methods were missing a minimum size check for the given…
JOSE is “JSON Web Almost Everything” – JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime’s native crypto in Node.js, Browser, Cloudflare Workers,…
mangadex-downloader is a command-line tool to download manga from MangaDex. When using `file:<location>` command and `<location>` is a web URL location (http, https), mangadex-downloader between…
Cross Site Scripting (XSS) in xiunobbs 4.0.4 allows remote attackers to execute arbitrary web script or HTML via the attachment upload function. Regarding the vulnerability…
Wikmd is a file-based wiki that uses markdown. Prior to version 1.7.1, Wikmd is vulnerable to path traversal when accessing `/list/<path:folderpath>` and discloses lists…
Wikmd is a file-based wiki that uses markdown. Prior to version 1.7.1, an attacker could capture a user’s session cookies or execute malicious JavaScript when…
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields (keys used internally by Parse…
Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux’s helm-controller is a Kubernetes operator that allows one to…