CVE-2022-31102

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...

CVE-2022-31105

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...

No security checking for UnsafeAccess.getInstance() in UnsafeAccessor

Overview: Affected versions place no limit on using unsafe-accessor. This can be ignored if `SecurityCheck.AccessLimiter` is not set up. Details: If UA was loaded as a named module, the internal data of UA ...

Cross-site Scripting for Argo CD SSO users

Impact: All versions of Argo CD starting with 2.3.0 are vulnerable to a cross-site scripting (XSS) bug which could allow an attacker to inject arbitrary JavaScript in the `/auth/callback` page in a ...

Certificate verification is skipped for connections to OIDC providers

Impact: All versions of Argo CD starting with v0.4.0 are vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious (or otherwise untrustworthy) OIDC provid ...

CVE-2022-28771

Due to a missing authentication check, SAP Business One License service API - version 10.0 allows an unauthenticated attacker to send malicious HTTP requests over the network. On successful exploitation ...

PYSEC-2022-226

The package whoogle-search before 0.7.2 is vulnerable to Cross-site Scripting (XSS) via the query string parameter q. In the case where it does not contain the http string, it is used to build the er ...

Deserialization of Untrusted Data in rpc.py

rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, a ...
