(Pwn2Own) Adobe Acrobat Reader DC AnnotsString Prototype Pollution API Restrictions Bypass Vulnerability
This vulnerability allows remote attackers to bypass API restrictions on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the targe ...
Continue Reading
August 16, 2023
(Pwn2Own) Adobe Acrobat Reader DC Object Prototype Pollution API Restrictions Bypass
This vulnerability allows remote attackers to bypass API restrictions on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the targe ...
Continue Reading
August 16, 2023
(Pwn2Own) Adobe Acrobat Reader DC Protected API Restrictions Bypass Vulnerability
This vulnerability allows remote attackers to bypass JavaScript API restrictions on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in tha ...
Continue Reading
August 16, 2023
CVE-2021-22008
The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending ...
Continue Reading
August 16, 2023
CVE-2022-46901
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface ...
Continue Reading
August 16, 2023
CVE-2022-46902
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows ...
Continue Reading
August 16, 2023
CVE-2022-34155
Improper Authentication vulnerability in miniOrange OAuth Single Sign On â SSO (OAuth Client) plugin allows Authentication Bypass.This issue affects OAuth Single Sign On â SSO (OAuth Client) ...
Continue Reading
August 15, 2023
CVE-2023-36622
The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter.Read More ...
Continue Reading
August 15, 2023
CVE-2023-32731
When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of ...
Continue Reading
August 15, 2023
CVE-2023-34429
Weintek Weincloud v0.13.6 could allow an attacker to cause a denial-of-service condition for Weincloud by sending a forged JWT token.Read More ...
Continue Reading
August 15, 2023
