Every1's a fraud 'cuz they pick & choose what they show.

CVE-2023-35844: Arbitrary File Read in Lightdash

Lightdash version <= 0.506.4 is vulnerable to a path traversal attack, allowing an attacker to access arbitrary files on the server.

CVE-2023-35843: Arbitrary File Read in NocoDB

The NocoDB application version <= 0.106.1 has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating...

CVE-2023-23596: OS Command Injection in Nginx Proxy Manager

An OS command injection vulnerability exists in versions of Nginx Proxy Manager prior to 2.9.19.

CVE-2023-22493: Server Side Request Forgery (SSRF) in RSSHub

RSSHub is vulnerable to SSRF attacks, allowing an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network.

CVE-2022-3023: DSN Injection in TiDB Server Importer

TiDB server (importer CLI tool) prior to version 6.4.0 & 6.1.3 is vulnerable to data source name injection. The database name for generating...