An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell... ...
Continue ReadingMarch 18, 2022
Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI. ...
Continue ReadingMarch 17, 2022
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload a ...
Continue ReadingMarch 17, 2022
The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the... ...
Continue ReadingMarch 17, 2022
The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions d ...
Continue ReadingMarch 17, 2022
(This document is canonically: https://advisories.nats.io/CVE/CVE-2022-26652.txt) Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud ...
Continue ReadingMarch 11, 2022
The public API error causes for the attacker to be able to bypass API access... ...
Continue ReadingMarch 11, 2022
Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI. ...
Continue ReadingMarch 11, 2022
Back to Main