CVE-2022-23457

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(Str ...

Continue Reading
CVE-2021-36460

VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration ...

Continue Reading
CVE-2022-29603

A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to ...

Continue Reading
Exposure of Sensitive Information to an Unauthorized Actor in DisCatSharp

### Impact Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two `RequireDisCatSharpDeveloperAttribute`s or the `BaseDiscordClient.Li ...

Continue Reading
Improper Input Validation in GeoServer

### Impact The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen ...

Continue Reading
Incorrect Default Permissions in CRI-O

### Impact A bug was found in CRI-O where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with i ...

Continue Reading
Improper Access Control in Shopware

### Impact Permissions set to sales channel context by admin-api are still useable within normal user session ### Patches We recommend updating to the current version 6.4.10.1. You can get the update ...

Continue Reading
Denial of Service in http-swagger

### Impact Allows an attacker to perform a DOS attack consisting of memory exhaustion on the host system. ### Patches Yes. Please upgrade to v1.2.6. ### Workarounds A workaround is to restrict the pat ...

Continue Reading

Back to Main

Subscribe for the latest news: