CVE-2021-1132

A vulnerability in the API subsystem and in the web-management interface of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to access sensitive data. This vu ...

CVE-2024-52316 Apache Tomcat: Authentication bypass when using Jakarta Authentication API

Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception dur ...

CVE-2024-11092

The SVGPlus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and outpu ...

CVE-2024-11092 SVGPlus <= 1.1.0 – Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The SVGPlus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and outpu ...

Exploit for Improper Input Validation in Saleor

CVE-2022-39275 POC for CVE-2022-39275. Resources for the advisory: NIST NVD CVE.org Github Security Advisory This is a fork of commit hash: 47f9f5fb29be2b5892c79ace4f23022f397a0a5e link, just re-pus ...

CVE-2024-38370

GLPI is a free asset and IT management software package. Starting in 9.2.0 and prior to 11.0.0, it is possible to download a document from the API without appropriate rights. Upgrade to ...
