### Impact There is a potential for an XSS vulnerability in ESAPI caused by an incorrect regular expression for "onsiteURL" in the **antisamy-esapi.xml** configuration file that can cause URLs with the ...
May 23, 2022
### Impact The default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. Th ...
May 23, 2022
Following the coordinated and responsible vulnerability disclosure guidelines of the **ISO 29147** standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. not ...
May 23, 2022
The reporter discovered they were able to hijack invites to other ads teams by adding the extra field, email, to a request that would allow them to bypass email verification. By doing so they were abl ...
May 23, 2022
### Impact Permissions set to the sales channel context by the admin-api are still usable within a normal user session. ### Patches We recommend updating to the current version 6.4.10.1. You can get the update ...
May 23, 2022
### Impact Allows an attacker to perform a DoS attack consisting of memory exhaustion on the host system. ### Patches Yes. Please upgrade to v1.2.6. ### Workarounds A workaround is to restrict the pat ...
May 23, 2022
### Impact A bug was found in CRI-O where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with i ...
May 23, 2022
### Impact Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two `RequireDisCatSharpDeveloperAttribute`s or the `BaseDiscordClient.Li ...
May 23, 2022