CVE-2022-2598

Undefined Behavior for Input to API in GitHub repository vim/vim prior to 9.0.0100.


CVSS3 - MEDIUM

Why Cybersecurity Needs to be a Part of Your ESG

## What is an ESG? Environmental, social, and corporate governance (ESG) documentation is a way to visualize and evaluate how an organization is working for the betterment of social goals and how that ...

PAN-OS 10.0 – Remote Code Execution (Authenticated) Exploit


CVSS3 - HIGH

CVSS2 - HIGH

PAN-OS 10.0 – Remote Code Execution (RCE) (Authenticated)


CVSS3 - HIGH

CVSS2 - HIGH

Full Read Server-Side Request Forgery (SSRF)

# Description Via the `/api/upload/upload-by-url` endpoint it is possible to upload an image from a URL provided by the user. The function that handles this upload doesn't verify or validate the provide ...

IDOR in password change page leads to administrative account takeover

# Description The password change function doesn't properly handle the `Change Password` role, allowing any user that has this role enabled to change the password of any user in the system, inclu ...

No password brute-force protection on login page

# Description The login page doesn't have any protection against a brute-force password attack, which allows an attacker to try every possible password combination without any restriction. # Proof of ...

Unauthenticated Path Traversal

# Description An unauthenticated user can read and download files of the application system by abusing the `filename` parameter of the `/api/image/cover-upload` endpoint, which is not properly sanitized ...
