CVE-2022-22773

The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server f ...

Continue Reading
CVE-2022-30952

Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user creden ...

Continue Reading
CVE-2022-1559

The Clipr WordPress plugin through 1.2.3 does not sanitise and escape its API Key settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered ...

Continue Reading
CVE-2022-30782

Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers. ...

Continue Reading
CSRF on update cart functionality

I found a CSRF Vulnerability in the update cart functionality where there is no **csrf** token being validated While updating the cart as the authenticated user **Vulnerable Request:** ``` POST /demo ...

Continue Reading
Discoverability of user password hash in Statamic CMS

## Description It was possible to confirm a single character of a user's password hash (just the hash, not the password) using a specially crafted regular expression filter in the users endpoint of th ...

Continue Reading
Consensys: Public Postman Api Collection Leaks Internal access to https://assets-paris-dev.codefi.network/

The researcher identified a public workspace at `https://www.postman.com/3zL77NHP5yLSKc/workspace/codefi-assets-s-public-workspace/environment/19650166-866da684-1c98-492c-a9e9-6ed287c28746` containing ...

Continue Reading
Improper Certificate Validation in kubeclient

A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not confi ...

Continue Reading

Back to Main

Subscribe for the latest news: