Security

Headline

CVE-2020-28119: panexiang.github.io/CVE-2020-28119.md at gh-pages · i900008/panexiang.github.io

Cross-site scripting vulnerability in 53KF < 2.0.0.2 that allows arbitrary code to be executed via a crafted HTML statement inserted into the chat window.

CVE

Related news

CVE-2021-38179

The debug function of the Admin UI of SAP Business One Integration is enabled by default. This allows an Admin User to see the captured packet contents, which may include User credentials.

CVE-2021-39880: 2021/CVE-2021-39880.json · master · GitLab.org / cves · GitLab

A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE version 11.11 and above allows an attacker to deny access to all users via specially crafted requests to the apollo_upload_server middleware.

CVE-2021-39365: (CVE-2021-39365) Missing TLS certificate verification (#146) · Issues · GNOME / grilo · GitLab

In GNOME grilo through 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

CVE-2021-39360: Reminder: SoupSessionSync and SoupSessionAsync default to no TLS certificate verification – Michael Catanzaro's Blog

In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907