A PHP package containing implementations of the accepted PSR-7 HTTP message interfaces [1], as well as a "server" implementation similar to node's http.Server [2]. Documentation: https://docs.laminas ...
July 16, 2022
### Impact

This impacts users that use Shescape (any API function) to escape arguments for **cmd.exe** on **Windows**. An attacker can omit all arguments following their input by including a line feed ...
July 15, 2022
### Overview

A partial-path traversal issue exists within the `downloadDirectory` method in the AWS S3 TransferManager component of the AWS SDK for Java v1. Applications using the SDK control the `des ...
July 15, 2022
In versions prior to 3.3.2, Hudson exhibits a flaw in its XML API processing that can allow access to potentially sensitive information on the filesystem of the Hudson master server.
July 15, 2022
The package whoogle-search before 0.7.2 is vulnerable to Cross-site Scripting (XSS) via the query string parameter q. In the case where it does not contain the http string, it is used to build the err ...
July 15, 2022
## JBOSS EAP/AS - More Deserializations? Indeed!

Community contributor Heyder Andrade added ...
July 15, 2022
github.com/argoproj/argo-cd is vulnerable to privilege escalation. Lack of enforcement of access restriction by application resource API allows an attacker to escalate the privileges to admin-level.
July 15, 2022