6.9
CVE-2025-27143 - Better Auth has an Open Redirect via Scheme-Less Callback Parameter
Better Auth is an authentication and authorization library for TypeScript. Prior to version 1.1.21, the application is vulnerable to an open redirect due to improper validation of the callbackURL parameter in the email verification endpoint and any other endpoint that accepts a callback URL. While th…
4.8
CVE-2025-27141 - Metabase Enterprise Edition allows cached questions to leak data to impersonated users
Metabase Enterprise Edition is the enterprise version of Metabase business intelligence and data analytics software. Starting in version 1.47.0 and prior to versions 1.50.36, 1.51.14, 1.52.11, and 1.53.2 of Metabase Enterprise Edition, users with impersonation permissions may be able to see results…
10
CVE-2025-27140 - WeGIA vulnerable to OS Command Injection at endpoint 'importar_dump.php' parameter 'import' (RCE)
WeGIA is a Web manager for charitable institutions. An OS Command Injection vulnerability was discovered in versions prior to 3.2.15 of the WeGIA application, `importar_dump.php` endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely. The command is basically a comm…
4.4
CVE-2025-27137 - Dependency-Track vulnerable to local file inclusion via custom notification templates
Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track allows users with the `SYSTEM_CONFIGURATION` permission to customize notification templates. Templates are evaluated using the Pebble template engin…
8.1
CVE-2025-26533 - SQL injection risk in course search module list filter
An SQL injection risk was identified in the module list filter within course search.
3.1
CVE-2025-26532 - Teachers can evade trusttext config when restoring glossary entries
Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.
3.1
CVE-2025-26531 - IDOR in badges allows disabling of arbitrary badges
Insufficient capability checks made it possible to disable badges a user does not have permission to access.
8.3
CVE-2025-26530 - Reflected XSS via question bank filter
The question bank filter required additional sanitizing to prevent a reflected XSS risk.
8.3
CVE-2025-26529 - Stored XSS risk in admin live log
Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.
3.4
CVE-2025-26528 - Stored XSS in ddimageortext question type
The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk.