Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR).
July 08, 2022
An issue in the isSVG() function of Known v1.2.2+2020061101 allows attackers to execute arbitrary code via a crafted SVG file.
July 08, 2022
Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack.
July 08, 2022
A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text fie ...
July 08, 2022
A privilege escalation flaw was found in the token exchange feature of Keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client ...
July 07, 2022
In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the local machine via touchpoints during installation. Those touchpoints can, for example, alter the command-li ...
July 07, 2022
An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
July 07, 2022
An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
July 07, 2022