With threat indicators - API Security Blog

[SECURITY] Fedora 36 Update: golang-github-grpc-ecosystem-gateway-2-2.7.3-3.fc36

GRPC to JSON proxy generator following the gRPC HTTP spec.Read More ...

May 30, 2022

[SECURITY] Fedora 34 Update: grpcurl-1.8.6-2.fc34

Like cURL, but for gRPC: Command-line tool for interacting with gRPC server s.Read More ...

May 30, 2022

Gitlab — multiple vulnerabilities

Gitlab reports: Runner registration token disclosure through Quick Actions Unprivileged users can add other users to groups through an API endpoint Inaccurate display of Snippet contents can be potent ...

May 30, 2022

Metasploit Weekly Wrap-Up

## CVE-2022-21999 - SpoolFool ![Metasploit Weekly Wrap-Up](https://blog.rapid7.com/content/images/2022/03/metasploit-ascii-1-2.png) Our very own [Shelby Pace]() has added a new module for the [CVE-202 ...

May 30, 2022

New Security Vulnerability Affects Thousands of Self-Managed GitLab Instances

[![GitLab Self-Managed Instances](https://thehackernews.com/new-images/img/a/AVvXsEh4OrdiGnjyt32NTMBZgXDFivys2ugmsWFHG5EaBCobkzwMT661q_9DYff3u7NC4RSiBe-u24cVDAn8H4oD-uoKXeHbScjxNykkpHeOC0rs4pOb-l55P86 ...

May 30, 2022

GitLab GraphQL API User Enumeration

This module queries the GitLab GraphQL API without authentication to acquire the list of GitLab users (CVE-2021-4191). The module works on all GitLab versions from 13.0 up to 14.8.2, 14.7.4, and 14.6. ...

May 30, 2022

CVE-2022-28810: ManageEngine ADSelfService Plus Authenticated Command Execution (Fixed)

![CVE-2022-28810: ManageEngine ADSelfService Plus Authenticated Command Execution (Fixed)](https://blog.rapid7.com/content/images/2022/04/managengine-vuln.jpg) On April 9, 2022, ManageEngine fixed [CV ...

May 30, 2022

CVE-2022-24527: Microsoft Connected Cache Local Privilege Escalation (Fixed)

![CVE-2022-24527: Microsoft Connected Cache Local Privilege Escalation (Fixed)](https://blog.rapid7.com/content/images/2022/04/ms-connected-cache-vuln.jpg) On April 12, 2022, Microsoft published [CVE- ...

May 30, 2022