CVE-2022-26672

ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general ...

Continue Reading
CVE-2022-24875

The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the `org.conroller.js` code would erroneously log user secrets. This h ...

Continue Reading
api-bridge.azurewebsites.net Cross Site Scripting vulnerability OBB-2536764

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147]()** standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. not ...

Continue Reading
api-sandboxdash.norcapsecurities.com Cross Site Scripting vulnerability OBB-2533259

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147]()** standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. not ...

Continue Reading
CVE-2022-29548

A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2 ...

Continue Reading
CVE-2022-24872

Shopware is an open commerce platform based on Symfony Framework and Vue. Permissions set to sales channel context by admin-api are still usable within normal user session. Users are advised to update ...

Continue Reading
CVE-2022-24826

On Windows, if Git LFS operates on a malicious repository with a ..exe file as well as a file named git.exe, and git.exe is not found in PATH, the ..exe program will be executed, permitting the attack ...

Continue Reading
CVE-2021-26626

Improper input validation vulnerability in XPLATFORM's execBrowser method can cause execute arbitrary commands. IF the second parameter value of the execBrowser function is ‘default’, the first ...

Continue Reading

Back to Main

Subscribe for the latest news: