‼ CVE-2022-30013 ‼
📖 Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows attackers to execute arbitrary web scripts via a JavaScript embedded PDF file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29622 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29017 ‼
📖 Read
via "National Vulnerability Database".
Bento4 v1.6.0.0 was discovered to contain a segmentation fault via the component /x86_64/multiarch/strlen-avx2.S.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1726 ‼
📖 Read
via "National Vulnerability Database".
Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1722 ‼
📖 Read
via "National Vulnerability Database".
SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29353 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the file upload module of Graphql-upload v13.0.0 allows attackers to execute arbitrary code via a crafted filename.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30777 ‼
📖 Read
via "National Vulnerability Database".
Parallels H-Sphere 3.6.2 allows XSS via the index_en.php from parameter.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-1728 ‼
📖 Read
via "National Vulnerability Database".
Allowing long password leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30776 ‼
📖 Read
via "National Vulnerability Database".
atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30523 ‼
📖 Read
via "National Vulnerability Database".
Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow a low privileged local attacker to delete the contents of an arbitrary folder as SYSTEM which can then be used for privilege escalation on the affected machine.📖 Read
via "National Vulnerability Database".
🕴 Critical Zyxel Firewall Bug Under Active Attack After PoC Exploit Debut 🕴
📖 Read
via "Dark Reading".
Just one day after disclosure, cyberattackers are actively going after the command-injection/code-execution vulnerability in Zyxel's gear.📖 Read
via "Dark Reading".
Dark Reading
Critical Zyxel Firewall Bug Under Active Attack After PoC Exploit Debut
Just one day after disclosure, cyberattackers are actively going after the command-injection/code-execution vulnerability in Zyxel's gear.
🕴 Name That Toon: Knives Out 🕴
📖 Read
via "Dark Reading".
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.📖 Read
via "Dark Reading".
Dark Reading
Name That Toon: Knives Out
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
🕴 NSA Cyber Chief Vows 'No Backdoors' in Quantum Encryption Standards 🕴
📖 Read
via "Dark Reading".
New quantum encryption standards will stand up to spy-snooping, NSA cybersecurity director said.📖 Read
via "Dark Reading".
Dark Reading
NSA Cyber Chief Vows 'No Backdoors' in Quantum Encryption Standards
New quantum encryption standards will stand up to spy-snooping, NSA cybersecurity director said.
‼ CVE-2022-25169 ‼
📖 Read
via "National Vulnerability Database".
The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23266 ‼
📖 Read
via "National Vulnerability Database".
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33318 ‼
📖 Read
via "National Vulnerability Database".
An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30050 ‼
📖 Read
via "National Vulnerability Database".
Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23267 ‼
📖 Read
via "National Vulnerability Database".
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods.📖 Read
via "National Vulnerability Database".
🕴 You Can't Opt Out of Citizen Development 🕴
📖 Read
via "Dark Reading".
To see why low-code/no-code is inevitable, we need to first understand how it finds its way into the enterprise.📖 Read
via "Dark Reading".
Dark Reading
You Can't Opt Out of Citizen Development
To see why low-code/no-code is inevitable, we need to first understand how it finds its way into the enterprise.
‼ CVE-2022-30055 ‼
📖 Read
via "National Vulnerability Database".
Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that could lead to Remote Code Execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23265 ‼
📖 Read
via "National Vulnerability Database".
A logged-in and authenticated user with a Reviewer Role may lock a content item.📖 Read
via "National Vulnerability Database".