CVE-2021-43271

Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a (when configured to use local, RADIUS, or TACACS authentication) log ...

CVE-2022-29770

XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo.

CVE-2022-29784

PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java.

Dev error stack trace leaking into prod in Play Framework

### Impact Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by configuring its `DefaultHttpErrorHandler` to do so based ...

Server-Side Template Injection in formio

A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL.

Unsanitized JavaScript code injection possible in gatsby-plugin-mdx

### Impact The gatsby-plugin-mdx plugin prior to versions 3.15.2 and 2.14.1 passes input through to the `gray-matter` npm package, which is vulnerable to JavaScript injection in its default configurat ...
