The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive information in its log files (which are publicly accessible), including the DeepL API key.
November 21, 2022
An API Endpoint used by Miele's "AppWash" MobileApp in all versions was vulnerable to an authorization bypass. A low privileged, remote attacker would have been able to gain read and partial write acc ...
November 21, 2022
An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is p ...
November 21, 2022
In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through a user-submitted Jinja2 template. The REST API endpoint for validating device configura ...
November 19, 2022
This module exploits a cross-site request forgery (CSRF) vulnerability in F5 Big-IP's iControl interface to write an arbitrary file to the filesystem. While any file can be written to any location as ...
November 19, 2022
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:8003 advisory. - A flaw was found in the libvirt nwfilter driver. The virNWFilt ...
November 19, 2022
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:8057 advisory. - The package @braintree/sanitize-url before 6.0.0 are ...
November 19, 2022
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7954 advisory. - In x/text in Go 1.15.4, an index out of range panic o ...
November 19, 2022