Category: CVSS3 - CRITICAL
CVE-2023-29863

Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WSDL files.

CVE-2023-1547

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line Execution throu ...

CVE-2023-3452

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. This allows unauthenticated attackers to include and execu ...

(RHSA-2023:4623) Important: Red Hat OpenShift Service Mesh 2.2.9 security update

Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. Security Fix(es): * envoy: Clie ...

(RHSA-2023:4624) Important: Red Hat OpenShift Service Mesh Containers for 2.3.6 security update

Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Security Fix(es): * ...

Metasploit weekly wrap-up

New module content (1): Metabase Setup Token RCE. Authors: Maxwell Garrett, Shubham Shah, and ...

Metabase Remote Code Execution Exploit

Metabase versions before 0.46.6.1 contain a flaw where the secret setup-token is accessible even after the setup process has been completed. With this token a user is able to submit the setup function ...

Metabase Remote Code Execution

CVE-2023-3632

Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass. This issue affects Kunduz - Hom ...