βΌ CVE-2022-0762 βΌ
π Read
via "National Vulnerability Database".
Business Logic Errors in GitHub repository microweber/microweber prior to 1.3.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0763 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0764 βΌ
π Read
via "National Vulnerability Database".
Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27958 βΌ
π Read
via "National Vulnerability Database".
The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26146 βΌ
π Read
via "National Vulnerability Database".
Tricentis qTest before 10.4 allows stored XSS by an authenticated attacker.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26149 βΌ
π Read
via "National Vulnerability Database".
MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22908 βΌ
π Read
via "National Vulnerability Database".
SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, when they are able to read process memory, to discover the contents of the Username and Password fields.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21708 βΌ
π Read
via "National Vulnerability Database".
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43945 βΌ
π Read
via "National Vulnerability Database".
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting (SXSS) vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are before version 8.20.3.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26159 βΌ
π Read
via "National Vulnerability Database".
The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages), which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords.π Read
via "National Vulnerability Database".
ποΈ Bridgestone Americas βdisconnectsβ manufacturing facilities following βsecurity incidentβ ποΈ
π Read
via "The Daily Swig".
Worldβs biggest tire manufacturer yet to determine βscope or nature of any potential incidentβπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Bridgestone Americas βdisconnectsβ manufacturing facilities following βsecurity incidentβ
Worldβs biggest tire manufacturer yet to determine βscope or nature of any potential incidentβ
π΄ How to Boost Shift-Left Security in the SDLC π΄
π Read
via "Dark Reading".
Organizations will see big wins from applying security controls early in the development life cycle.π Read
via "Dark Reading".
Dark Reading
How to Boost Shift-Left Security in the SDLC
Organizations will see big wins from applying security controls early in the development life cycle.
βΌ CVE-2022-24685 βΌ
π Read
via "National Vulnerability Database".
HashiCorp Nomad and Nomad Enterprise 1.x before 1.0.17, 1.1.x before 1.1.12, and 1.2.x before 1.2.6 has Uncontrolled Resource Consumption.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24572 βΌ
π Read
via "National Vulnerability Database".
Car Driving School Management System v1.0 is affected by Cross Site Scripting (XSS) in the User Enrollment Form (Username Field). To exploit this Vulnerability, an admin views the registered user details.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24571 βΌ
π Read
via "National Vulnerability Database".
Car Driving School Management System v1.0 is affected by SQL injection in the login page. An attacker can use simple SQL login injection payload to get admin access.π Read
via "National Vulnerability Database".
π΄ Companies Borrow Attack Technique to Watermark Machine Learning Models π΄
π Read
via "Dark Reading".
Researchers continue to improve on a technique for embedded crafted outputs into machine-learning models, an anti-copying technique originally thought up by adversarial researchers.π Read
via "Dark Reading".
Dark Reading
Companies Borrow Attack Technique to Watermark Machine Learning Models
Researchers continue to improve on a technique for embedded crafted outputs into machine-learning models, an anti-copying technique originally thought up by adversarial researchers.
βΌ CVE-2022-25642 βΌ
π Read
via "National Vulnerability Database".
Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A crafted chat message can lead to remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24711 βΌ
π Read
via "National Vulnerability Database".
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26158 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26156 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places user-supplied input into the action URL of an HTML form. An attacker can use this vulnerability to construct a URL that, if visited by another application user, will modify the action URL of a form to point to the attacker's server.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44339 βΌ
π Read
via "National Vulnerability Database".
David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_png_transform_scanline() in "/ok_png.c:712".π Read
via "National Vulnerability Database".