Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to unintentional disclosure of sensitive information such as api keys, passwords,. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.
Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
n8n is a workflow automation platform. Rated medium severity (CVSS 5.0). This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS allows attackers to bypass common image source restrictions. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A flaw was found in libsoup. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The SecuPress Free - WordPress Security plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'secupress_reinstall_plugins_admin_ajax_cb'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.