In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold u ...
Continue ReadingMay 19, 2022
# Description Hey, when I attempt to change the password, I noticed that you haven't kept any password boundary. You need to limit password length. Hashing a large amount of data can cause significant ...
Continue ReadingMay 19, 2022
The Conduit feed.publish API allows a user to publish stories to the feed. The API accepts a parameter "type" which will be set to `PhabricatorTokenGivenFeedStory` and accepts JSON in the "data" para ...
Continue ReadingMay 19, 2022
Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the ...
Continue ReadingMay 11, 2022
It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1 if an u ...
Continue ReadingMay 11, 2022
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab ...
Continue ReadingMay 10, 2022
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endp ...
Continue ReadingMay 10, 2022
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker ...
Continue ReadingMay 10, 2022
Back to Main