Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-48877 | 2025-06-12 | N/A | N/A | ||
| Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, Codepen is present in the default `allowed_iframes` site setting, and it can potentially auto-run arbitrary JS in the iframe scope, which is unintended. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. As a workaround, the Codepen prefix can be removed from a site's `allowed_iframes`. | |||||
| CVE-2023-52971 | 2025-03-08 | N/A | 4.9 MEDIUM | ||
| MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan. | |||||
| CVE-2023-52970 | 2025-03-08 | N/A | 4.9 MEDIUM | ||
| MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where. | |||||
| CVE-2023-52969 | 2025-03-08 | N/A | 4.9 MEDIUM | ||
| MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2. | |||||