# Description SQL injection exists in the camptocamp/terraboard. Among all APIs there is an API routed to `/api/search/attribute`, whose corresponding method is [api.SearchAttribute](https://github.co ...
Continue Reading
May 25, 2022
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. * The attacker creates a workflow that produces a HTML artifact that contains a HTML fi ...
Continue Reading
May 23, 2022
The package git-pull-or-clone before 2.0.2 is vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of t ...
Continue Reading
May 23, 2022
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the runPackDiagnose function in /cgi-bin/luci/api/diagno ...
Continue Reading
May 23, 2022
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the doSwitchApi function in /cgi-bin/luci/api/switch. ...
Continue Reading
May 23, 2022
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the switchFastDhcp function in /cgi-bin/luci/api/diagnos ...
Continue Reading
May 23, 2022
Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cooki ...
Continue Reading
May 23, 2022
Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text. ...
Continue Reading
May 23, 2022
Back to Main
