The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the... ...
Continue Reading17 марта, 2022
The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions d ...
Continue Reading17 марта, 2022
(This document is canonically: https://advisories.nats.io/CVE/CVE-2022-26652.txt) Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud ...
Continue Reading11 марта, 2022
The public API error causes for the attacker to be able to bypass API access... ...
Continue Reading11 марта, 2022
Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI. ...
Continue Reading11 марта, 2022
FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint... ...
Continue Reading10 марта, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) PluginServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/plugin/pmx&quo ...
Continue Reading10 марта, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/ ...
Continue Reading10 марта, 2022
Back to Main