Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Si ...
July 14, 2023
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file.
July 14, 2023
Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file.
July 14, 2023
vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versio ...
July 14, 2023
Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21.
July 14, 2023
A DLL hijacking vulnerability in Panda Security VPN for Windows prior to version v15.14.8 allows attackers to execute arbitrary code via placing a crafted DLL file in the same directory as PANDAVPN.ex ...
July 14, 2023
An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory.
July 14, 2023
An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows attackers to execute arbitrary code via uploading a crafted PHP file.
July 14, 2023