This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Teams. No user interaction is required if the attacker and target are in the same Teams orga ...

Continue Reading

November 21, 2022

[![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEkO_7BLm2yIe2Fg8yqCr8240TtKpuXiqbBiPpcj2nEHt3TMqh5bx4C4zXmnbiAKy5Qyvx2PWJnKoJLjX5dfLD4mLRIvPZYq6pjCUiGFMd4WQZJGMQ_B1eagaeSPZ3AnsDpJVnmS ...

Continue Reading

November 21, 2022

Focus on API security as part of your digital bonding strategy, because APIs are already connecting your business activities.Read More ...

Continue Reading

November 21, 2022

The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive information in its log files (which are publicly accessible), including DeepL API key.Read More ...

Continue Reading

November 21, 2022

An API Endpoint used by Miele's "AppWash" MobileApp in all versions was vulnerable to an authorization bypass. A low privileged, remote attacker would have been able to gain read and partial write acc ...

Continue Reading

November 21, 2022

An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is p ...

Continue Reading

November 21, 2022

In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configura ...

Continue Reading

November 19, 2022

This module exploits a cross-site request forgery (CSRF) vulnerability in F5 Big-IP's iControl interface to write an arbitrary file to the filesystem. While any file can be written to any location as ...

Continue Reading

November 19, 2022