-
## Use case
As an OpenBAS community member, I want to be able to easily share and receive payloads among the community, so that I can prop up my payload library with new attack forms as they are disc…
-
# Summary
115cms v8 version 20240807 is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities.
These vulnerabilities occur due to insufficient input validation and sanitization, al…
-
The rule 920220 has been in CRS since before the time we moved to GitHub and CRS 3. There was a complicated regex that was later simplified. In the simplified form, it triggers a lot of false positive…
-
## Summary
The web backend server for `GPT-SoVITS` lacks proper user input sanitization in the **UVR5 Module**, which leads to a **remote OS command injection vulnerability**. This flaw allows attack…
-
### Community Note
- Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help us …
-
### Describe the bug
I tested ZAP with 41 test cases, and from these, ZAP incorrectly issued 9 SQL Injection warnings. My test suite included cases that actually involved SQL Injections as well as ca…
-
**Vulnerability Name: Cross-Site Scripting (XSS)**
**Description:**
Cross-Site Scripting (XSS) is a security vulnerability typically found in web applications. It allows an attacker to inject mali…
-
The service appears to implicitly trust the user-supplied Host header. If this input is not properly validated, an attacker could inject harmful payloads through the Host header, manipulating server-s…
-
Vulnerable Library - microsoft.data.odata.5.8.2.nupkg
Classes to serialize, deserialize and validate OData payloads. Enables construction of OData produce...
Library home page: https://api.nuget.org…
-
**Describe the security issue**
A path traversal vulnerability exists in Mirth Connect Administrator that allows an attacker to access arbitrary files on the server. By manipulating the URL, specific…