CVE-2022-24812

Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key ar ...

Continue Reading
CVE-2022-24829

Garden is an automation platform for Kubernetes development and testing. In versions prior to 0.12.39 multiple endpoints did not require authentication. In some operating modes this allows for an atta ...

Continue Reading
CVE-2022-26676

aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt... ...

Continue Reading
CVE-2022-23900

A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request ...

Continue Reading
CVE-2022-20755

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker ...

Continue Reading
CVE-2022-20754

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker ...

Continue Reading
Opened exploitable ports in default docker-compose.yaml in go-ipfs

Impact Allows admin API access to the IPFS node. Who ? This affects people running the docker-compose.yaml service in an environment where the docker host is directly attached to a public or untruste ...

Continue Reading
Discoverability of user password hash in Statamic CMS

Description It was possible to confirm a single character of a user's password hash (just the hash, not the password) using a specially crafted regular expression filter in the users endpoint of ...

Continue Reading

Back to Main

Subscribe for the latest news: