Total: 9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-27610 | 1 Parseplatform | 1 Parse Dashboard | 2026-02-27 | N/A | 5.3 MEDIUM |
|
Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the `ConfigKeyCache` uses the same cache key for both master key and read-only master key when resolving function-typed keys. Under specific timing conditions, a read-only user can receive the cached full master key, or a regular user can receive the cached read-only master key. The fix in version 9.0.0-alpha.8 uses distinct cache keys for master key and read-only master ke ...
|
|||||
| CVE-2026-1094 | 1 Gitlab | 1 Gitlab | 2026-02-12 | N/A | 4.6 MEDIUM |
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI.
|
|||||
| CVE-2024-8372 | 2 Angularjs, Netapp | 2 Angularjs, Active Iq Unified Manager | 2025-11-20 | N/A | 4.8 MEDIUM |
|
Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing (https://owasp.org/www-community/attacks/Content_Spoofing).
This issue affects AngularJS versions 1.3.0-rc.4 and greater.
Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here (https://docs.angularjs.org/misc/version-support-status).
|
|||||
| CVE-2024-45308 | 1 Hedgedoc | 1 Hedgedoc | 2025-09-22 | N/A | 6.5 MEDIUM |
|
HedgeDoc is an open source, real-time, collaborative, markdown notes application. When using HedgeDoc 1 with MySQL or MariaDB, it is possible to create notes with an alias matching the ID of existing notes. The affected existing note can then no longer be accessed and is effectively hidden by the new one. When the freeURL feature is enabled (by setting the `allowFreeURL` config option or the `CMD_ALLOW_FREEURL` environment variable to `true`), any user with the appropriate permissions can crea ...
|
|||||
| CVE-2024-45179 | 1 C-mor | 1 C-mor Video Surveillance | 2025-09-04 | N/A | 7.2 HIGH |
|
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insufficient input validation, the C-MOR web interface is vulnerable to OS command injection attacks. Different functions were found to be vulnerable to OS command injection, for example generating new X.509 certificates or setting the time zone. These OS command injection vulnerabilities in the script generatesslreq.pml can be exploited as a low-privileged authenticated user to e ...
|
|||||
| CVE-2024-12224 | 1 Servo | 1 Idna | 2025-06-25 | N/A | 8.8 HIGH |
|
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.
|
|||||
| CVE-2022-0675 | 1 Puppet | 1 Firewall | 2024-11-21 | 6.8 MEDIUM | 5.6 MEDIUM |
|
In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state.
|
|||||
| CVE-2024-42219 | 1 1password | 1 1password | 2024-08-12 | N/A | 7.8 HIGH |
|
1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient.
|
|||||
| CVE-2024-42218 | 1 1password | 1 1password | 2024-08-12 | N/A | 4.7 MEDIUM |
|
1Password 8 before 8.10.38 for macOS allows local attackers to exfiltrate vault items by bypassing macOS-specific security mechanisms.
|
|||||