Veilid before 0.1.9 does not check the size of uncompressed data during decompression upon an envelope receipt, which allows remote attackers to cause a denial of service (out-of-memory abort) via cra ...
August 20, 2023
Missing Authorization in GitHub repository hamza417/inure prior to build88.
August 20, 2023
Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulne ...
August 19, 2023
DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora ...
August 19, 2023
Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/". This vulnerability can ...
August 19, 2023
DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This v ...
August 19, 2023
Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via "app://local/". This vu ...
August 19, 2023
Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.
August 19, 2023