There is a possible regular expression based DoS vulnerability in Active Support. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of ...
January 19, 2023
There is a potential denial of service vulnerability present in ActiveRecord's PostgreSQL adapter. In ActiveRecord ...
January 19, 2023
Gravitee API Management is vulnerable to path traversal. The vulnerability exists in the Email service due to an html injection which allows an attacker to read arbitrary files via a /management/users ...
January 19, 2023
Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to prov ...
January 19, 2023
Software development service company CircleCI has published its incident report on a breach that happened in December. CircleCI revealed an engineer's laptop was successfully infected with a yet-t ...
January 19, 2023
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...
January 19, 2023
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file co ...
January 19, 2023
A vulnerability was found in ridhoq soundslike. It has been classified as critical. Affected is the function get_song_relations of the file app/api/songs.py. The manipulation leads to sql injection. T ...
January 18, 2023