CVE-2022-26500

Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload a ...

Continue Reading
CVE-2022-24073

The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the... ...

Continue Reading
CVE-2022-24072

The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions d ...

Continue Reading
Arbitrary file write in nats-server

(This document is canonically: https://advisories.nats.io/CVE/CVE-2022-26652.txt) Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud ...

Continue Reading
CVE-2022-23730

The public API error causes for the attacker to be able to bypass API access... ...

Continue Reading
CVE-2018-25031

Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI. ...

Continue Reading
CVE-2022-25506

FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint... ...

Continue Reading
CVE-2021-42854

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) PluginServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/plugin/pmx&quo ...

Continue Reading

Back to Main

Subscribe for the latest news: