The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users; including those ...
Continue Reading
December 15, 2023
Silverpeas Core 6.3.1 and prior are vulnerable to Cross Site Scripting (XSS) via the message/notification...Read More ...
Continue Reading
December 15, 2023
During the past month, we have observed an increase in the number of malicious ads on Google searches for "Zoom", the popular piece of video conferencing software. Threat actors have ...
Continue Reading
December 15, 2023
CVE-2023-5561-PoC WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published ...
Continue Reading
December 15, 2023
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML AP ...
Continue Reading
December 15, 2023
An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with lim ...
Continue Reading
December 15, 2023
nuxt-api-party is vulnerable to Denial of Service (DoS). The vulnerability could be exploited via crafting a malicious URL and setting high retry attempts, which allows an attacker to trigger a recurs ...
Continue Reading
December 15, 2023
An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with lim ...
Continue Reading
December 15, 2023
Back to Main
