Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications.

Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications.

Missing "no cache" headers in HCL Leap permits user directory information to be cached.

Missing "no cache" headers in HCL Leap permits sensitive data to be cached.

Under certain circumstances the iSTAR Configuration Utility (ICU) tool could have a buffer overflow issue

h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires th…

YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the injection of a malicious commands when starting `yt-dlp` from a commands prompt running on Windows OS with…

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability…

Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters.

Insufficient default configuration in HCL Leap allows anonymous access to directory information.