Daemon panics when processing certain blocks

### Impact go-ipfs nodes with versions 0.10.0, 0.11.0, 0.12.0, or 0.12.1 can crash when trying to traverse certain malformed graphs due to an issue in the go-codec-dagpb dependency. Vulnerable nodes ...

Continue Reading
XSS affecting “Logs” Page

# Description A review of organizr's logging system found it is possible for an unauthenticated threat actor to inject arbitrary JavaScript into the "Logs" page found within the administrator dashboa ...

Continue Reading
Opened exploitable ports in default docker-compose.yaml in go-ipfs

### Impact Allows admin API access to the IPFS node. ### Who ? This affects people running the [docker-compose.yaml](https://github.com/ipfs/go-ipfs/blob/master/docker-compose.yaml) service in an env ...

Continue Reading
Unauthenticated Path Traversal via /api/upload

# Description While reviewing FUXA, research found it is possible to upload arbitrary files into arbitrary locations via the "/api/upload" endpoint. Even when authentication in enabled, it was found ...

Continue Reading
api-shop.e-tiketka.com Cross Site Scripting vulnerability OBB-2564459

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147]()** standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. not ...

Continue Reading
Path traversal in the OWASP Enterprise Security API

### Impact The default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. Th ...

Continue Reading
Cross-site Scripting in org.owasp.esapi:esapi

### Impact There is a potential for an XSS vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the **antisamy-esapi.xml** configuration file that can cause URLs with the ...

Continue Reading
XSS Vulnerability in Action Pack

There is a possible XSS vulnerability in Rails / Action Pack. This vulnerability has been assigned the CVE identifier CVE-2022-22577. Versions Affected: >= 5.2.0 Not affected: ...

Continue Reading

Back to Main

Subscribe for the latest news: