CVE-2022-31004

CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method write ...

Continue Reading
CVE-2022-25237

Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /.. ...

Continue Reading
CVE-2020-28246

A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL.Read More ...

Continue Reading
dotCMS Shell Upload

Post ContentRead More ...

Continue Reading
CVE-2022-1266

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...

Continue Reading
CVE-2022-1610

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...

Continue Reading
Being Prepared for Adversarial Attacks

There is no question that the level of threats facing today’s businesses continues to change on a daily basis. So what are the trends that CISOs need to be on the lookout for? For this episode of the ...

Continue Reading
dotCMS Shell Upload Exploit

When files are uploaded into dotCMS via the content API, but before they become content, dotCMS writes the file down in a temporary directory. In the case of this vulnerability, dotCMS does not saniti ...

Continue Reading

Back to Main

Subscribe for the latest news: