SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. As a result, information stored in the d ...
January 30, 2023
Talos Vulnerability Report TALOS-2022-1641: FreshTomato httpd logs/view.cgi OS command injection vulnerability. January 26, 2023. CVE Number: CVE-2022-42484. Summary: An OS comman ...
January 30, 2023
Talos Vulnerability Report TALOS-2022-1642: FreshTomato httpd update.cgi directory traversal vulnerability. January 26, 2023. CVE Number: CVE-2022-38451. Summary: A directory trav ...
January 30, 2023
Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. ** ...
January 30, 2023
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0187-1 advisory. - Rootless containers run with ...
January 28, 2023
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0032-1 advisory. - Use after free in WebTransport. (CVE-2023-04 ...
January 28, 2023
spotipy is vulnerable to Path Traversal. An attacker is able to insert arbitrary characters into the path used for API requests which will perform an operation on a different API endpoint than intende ...
January 28, 2023