Explore CVEs

#Fickling's assessment Fickling started emitting AST nodes for builtins imports in order to match them during analysis (https://github.com/trailofbit...

### Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to t...

A Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular’s internal s...

#Fickling's assessment `ctypes`, `importlib`, `runpy`, `code` and `multiprocessing` were added the list of unsafe imports (https://github.com/trailof...

# Fickling's assessment `pydoc` and `ctypes` were added to the list of unsafe imports (https://github.com/trailofbits/fickling/commit/b793563e60a5e03...

# Fickling's assessment `cProfile` was added to the list of unsafe imports (https://github.com/trailofbits/fickling/commit/dc8ae12966edee27a78fe05c57...

# Fickling's assessment `runpy` was added to the list of unsafe imports (https://github.com/trailofbits/fickling/commit/9a2b3f89bd0598b528d62c10a64c...

OpenProject is an open-source, web-based project management software. OpenProject versions prior to version 16.6.3, allowed users with the View Meetin...

OpenProject is an open-source, web-based project management software. For OpenProject versions from 11.2.1 to before 16.6.2, when sending a POST reque...

OpenProject is an open-source, web-based project management software. Prior to version 16.6.2, OpenProject’s unauthenticated password-change endpoint ...

OpenProject is an open-source, web-based project management software. Prior to version 16.6.2, a low‑privileged logged-in user can view the full names...

OpenProject is an open-source, web-based project management software. For OpenProject version 16.6.1 and below, a registered administrator can execute...

OpenProject is an open-source, web-based project management software. A Local File Read (LFR) vulnerability exists in the work package PDF export func...

ManageIQ is an open-source management platform. A flaw was found in the ManageIQ API prior to version radjabov-2 where a malformed TimeProfile could b...

### Impact A vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API...

### Impact A vulnerability in Ghost's `/ghost/api/admin/members/events` endpoint allows users with authentication credentials for the Admin API to exe...

### Impact A vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be ac...

### Impact A vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. ### Vulnerable versions This vulnerability is present in Gh...

### Summary An Unauthenticated Insecure Direct Object Reference (IDOR) vulnerability was identified that allows an unauthenticated attacker to access ...