Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the `stable` branch and versions 3.1.0.beta2 and prior on the `beta` and `tests-passed` branches, the count of personal messages displayed for a tag is a count of all personal messages regardless of whether the personal message is visible to a given user. As a result, any users can technically poll a sensitive tag to determine if a new personal message is created even if the user does not have access to the personal message. In…
Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)".
OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code.
lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check.