An issue in the sqlo_natural_join_cond component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the sqlo_strip_in_join component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the sqlo_key_part_best component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the sqlo_place_dt_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
Uncontrolled Search Path Element vulnerability in ABB Control Builder A, ABB 800xA for Advant Master. This issue affects Control Builder A: through 1.4/4; 800xA for Advant Master: through 6.0.3-1, through 6.1.1-1, 6.1.1-3, 6.2.0-1.
OctoPrint has XSS in its Suppressed Command Notifications
Gogs Vulnerable to Unauthenticated Organization Teams Information Disclosure via API
Gogs has Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)
Gogs has Path Traversal in organization name that results in RCE through Git hooks
Gogs: LFS dedupe path leaks private repo content across tenants
Gogs: UploadRepoFiles writes outside repo working tree via committed parent sym
Gogs allows users to write to readonly repositories using receive-pack + service=git-upload-pack confusion
Gogs's password-reset tokens use account-activation lifetime, ignoring RESET_PASSWORD_CODE_LIVES
Gogs's write-level collaborators can mutate admin-only repository settings via API
Gogs has DOM-based XSS via Milestone Name on New Issue Page
Gogs vulnerable to RCE via git rebase --exec argument injection in pull request merge
Gogs has a Migration Redirect Bypass that Leads to Internal Repository Theft
Gogs Vulnerable to Privilege Escalation via Collaboration Access Mode Validation
Gogs has an Open Redirect via redirect_to
OpenHarness /issue and /pr_comments slash commands lack remote_invocable=False protection, allowing remote channel senders to write attacker-controlled Markdown into project context files. Admitted remote attackers can inject malicious content into .openharness/issue.md and .openharness/pr_comments....