CVE-2023-24604

OX App Suite before backend 7.10.6-rev37 does not check HTTP header lengths when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of header data.

CVE-2023-24602

OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title.

CVE-2023-24599

OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion."

CVE-2023-24605

OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens.

CVE-2023-33291

In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. (It cannot be ...

CVE-2021-4336

A vulnerability was found in ITRS Group monitor-ninja up to 2021.11.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file modules/reports/models/scheduled_ ...

CVE-2023-31873

Gin 0.7.4 allows execution of arbitrary code when a crafted file is opened, e.g., via require('child_process').

CVE-2023-33926

Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps plugin
