Cross-Site Request Forgery (CSRF) vulnerability in manuelvicedo Forge – Front-End Page Builder allows Stored XSS. This issue affects Forge – Front-End Page Builder: from n/a through 1.4.6.

next-forge is a Next.js project boilerplate for modern web application. The BASEHUB_TOKEN commited in apps/web/.env.example. Users should avoid use of this token and should remove any access it may have in their systems.

In versions of the PEADM Forge Module prior to 3.24.0 a security misconfiguration was discovered.

Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17.

Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17.

Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17.

Forgejo before 1.20.5-1 allows remote attackers to test for the existence of private user accounts by appending .rss (or another extension) to a URL.

Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication.

In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked. This allows remote attackers to read private issues, read private pull requests, delete issues, and perform other unauthorized actions.

Cross-Site Request Forgery (CSRF) vulnerability in Designs & Code Forget About Shortcode Buttons plugin <= 2.1.2 versions.