Access Control Bypass

drupal/core is vulnerable to Access Control Bypass. The API was not integrated with existing permission controls, resulting in access bypass for users who have access to revisions of content, but not ...

CVSS3 - MEDIUM

Pentaho Business Server Auth Bypass and Server Side Template Injection RCE

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is vulnerable to an authentication bypass (CVE-2022-43939) and a Server Side Template Injection ...

CVSS3 - CRITICAL

Command Injection

net.opentsdb:opentsdb is vulnerable to Command Injection. Insufficient validation of parameters passed to the legacy HTTP query API allows crafted OS commands to bypass validation, allowing malicious ...

CVSS3 - CRITICAL

Mattermost Server < 7.1.6 / 7.2.x < 7.7.2 Information Disclosure (MMSA-2023-00138)

The version of Mattermost Server running on the remote host is prior to 7.1.6 or 7.2.x prior to 7.7.2. It is, therefore, affected by an information disclosure vulnerability. When running in a High Ava ...

CVSS3 - MEDIUM

Pentaho Business Server Authentication Bypass / SSTI / Code Execution

CVSS3 - CRITICAL

Siemens SIMATIC Cloud Connect 7

## 1. EXECUTIVE SUMMARY

* **CVSS v3 7.2**
* **ATTENTION:** Exploitable remotely/low attack complexity
* **Vendor:** Siemens
* **Equipment:** SIMATIC Cloud Connect 7
* **Vulnerabilities:** I ...

CVSS3 - HIGH

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 1, 2023 to May 7, 2023)

Last week, there were 58 vulnerabilities disclosed in 43 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 27 Vulnerabi ...

CVSS3 - CRITICAL

Cross-site Scripting (XSS)

opentsdb is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the insufficient validation of parameters reflected in error messages in the `internalError` and `badRequest` func ...

CVSS3 - MEDIUM
