Concrete CMS vulnerable to Cross-site Request Forgery

Concrete CMS is vulnerable to CSRF due to the lack of a "State" parameter in the external Concrete authentication service, affecting users of Concrete who use the "out of the box" core OAuth.

CVSS3 - HIGH

Security Bulletin: Rational Asset Analyzer is vulnerable to denial of service due to GraphQL Java (CVE-2022-37734)

Summary: There is a vulnerability in IBM WebSphere Application Server Liberty used by Rational Asset Analyzer. This vulnerability is located in the GraphQL Java library used by IBM WebSphere Applica ...

CVSS3 - HIGH

Gitea Git Fetch Remote Code Execution Exploit

This Metasploit module exploits the Git fetch command in the Gitea repository migration process to allow for remote command execution on the system. This vulnerability affects Gitea versions prior to 1 ...

CVSS3 - HIGH

CVSS2 - MEDIUM

Gitea Git Fetch Remote Code Execution

CVSS3 - HIGH

CVSS2 - MEDIUM

AlmaLinux 9 : php (ALSA-2022:5904)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:5904 advisory. Note that Nessus has not tested for this issue but has instead rel ...

CVSS3 - HIGH

CVSS2 - MEDIUM

Deserialization Of Untrusted Data

soap is vulnerable to untrusted data deserialization. The vulnerability exists due to a lack of authentication in `RPCRouterServlet`, which allows an attacker to execute arbitrary code on the system.

CVSS3 - CRITICAL

Quest NetVault Backup NVBUJobCountHistory SQL Injection (CVE-2017-17420)

An SQL injection vulnerability exists in the Server Process Manager Service of Quest NetVault Backup. The vulnerability is due to improper validation of user-supplied input on JSON-RPC requests invoki ...

CVSS3 - CRITICAL

CVSS2 - HIGH

(RHSA-2022:7519) Moderate: grafana security, bug fix, and enhancement update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. The following packages have been upgraded to a later upstream version: grafana (7.5.1 ...

CVSS3 - HIGH

CVSS2 - MEDIUM
