Improper handling of email input

### Impact

An attacker can pass a compromised input to the e-mail [signin endpoint](https://next-auth.js.org/getting-started/rest-api#post-apiauthsigninprovider) that contains some malicious HTML, tri ...

Malformed CAR panics and excessive memory usage

### Impact

**Versions impacted**

* `=` go-car@v0.4.0
* `>=` go-car@v2.4.0

**Description of user-facing changes**

***go-car@v0.4.0*** imposes a fixed maximum header length and section length of 32 ...

CVE-2022-31127

NextAuth.js is a complete open source authentication solution for Next.js applications. An attacker can pass a compromised input to the e-mail [signin endpoint](https://next-auth.js.org/getting-starte ...

What’s New in InsightIDR: Q2 2022 in Review

![What's New in InsightIDR: Q2 2022 in Review](https://blog.rapid7.com/content/images/2022/07/insightidr-q2-2022.jpg) This Q2 2022 recap post takes a look at some of the latest investments we've made ...

Improper handling of parameter lead to listing any directory

# Description

In the `file-manager/list` API, the server does not handle the `path` parameter properly, which allows listing any directory. To exploit, use double URL encoding to bypass the filter.

# Proof of ...

CVE-2022-2227

Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a ...

Cisco Unified Communications Products Arbitrary File Read Vulnerability

A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unifie ...

Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwr ...

