Remote Code Execution (RCE)

graphql-upload is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of the file name via the `upload` function.

Security update for cacti, cacti-spine (moderate)

An update that solves one vulnerability and has one errata is now available. Description: This update for cacti, cacti-spine fixes the following issues: cacti-spine was updated to 1.2.20: ...

Privilege escalation in easyappointments

The Easy!Appointments API authorization is checked against the user's existence, without validating the permissions. As a result, a low-privileged user (e.g. a provider) can create a new admin user via t ...

Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. * The attacker creates a workflow that produces an HTML artifact that contains a HTML fi ...

OS Command Injection in git-pull-or-clone

The package git-pull-or-clone before 2.0.2 is vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of t ...

Command Injection in ungit

The package ungit before 1.5.20 is vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User-controlled values (remote and ref) are ...

Command Injection vulnerability in [email protected]

# Command Injection vulnerability in [email protected] `git-interface` describes itself as an Interface to work with a git repository in node.js Resources: * Project's GitHub source code: https://gi ...

API Privilege Escalation

# Description Privilege escalation occurs when a user gains access to more resources or functionality than they are normally allowed, and such elevation or changes should have been prevented by the app ...
