In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could utilize an improper input validation on an API-submitted parameter to exe ...
September 28, 2022
The Bytebase application does not restrict low-privilege users from accessing admin projects, so an unauthorized user can view the projects created by Admin, and the affected endpoint i ...
September 28, 2022
[Image: PowerPoint Mouseover Trick (thehackernews.com)]
September 28, 2022
Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this ...
September 27, 2022
The Knot Resolver is a DNSSEC-enabled caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core t ...
September 27, 2022
Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses.
September 27, 2022
Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic wa ...
September 27, 2022
mailcow is a mailserver suite. A vulnerability in versions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attac ...
September 27, 2022