CVE-2021-40868: Cloudron 6.2 Cross Site Scripting ≈ Packet Storm

In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS.

Related news

CVE-2021-37124: Security Advisory - Path Traversal Vulnerability in Huawei PC Product

There is a path traversal vulnerability in a Huawei PC product. Because the product does not filter paths containing special characters, attackers can construct a file path with special characters to exploit this vulnerability. Successful exploitation could allow the attacker to transport a file to a certain path. Affected product versions include: PC Smart Full Scene 11.1 versions, PCManager 11.1.1.97.

Trojan-Proxy.Win32.Ranky.z Unauthenticated Open Proxy

Trojan-Proxy.Win32.Ranky.z malware suffers from an unauthenticated open proxy vulnerability.

Trojan-Proxy.Win32.Ranky.dh Unauthenticated Open Proxy

Trojan-Proxy.Win32.Ranky.dh malware suffers from an unauthenticated open proxy vulnerability.

CVE-2021-36389: Yellowfin Cross Site Scripting / Insecure Direct Object Reference ≈ Packet Storm

In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIImage.i4".

CVE-2021-36388: Yellowfin-Multiple-Vulnerabilities/README.md at main · cyberaz0r/Yellowfin-Multiple-Vulnerabilities

In Yellowfin before 9.6.1 it is possible to enumerate and download users' profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4".

CVE-2021-36387: Yellowfin-Multiple-Vulnerabilities/README.md at main · cyberaz0r/Yellowfin-Multiple-Vulnerabilities

In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page "ActivityStreamAjax.i4".

Fugue Adds Kubernetes Security Checks to Secure Infrastructure-As-Code

Developers can apply proper security controls as they programmatically deploy Kubernetes clusters.

IDrive Remote Desktop Offers Protection from RDP Cyberattacks and Vulnerabilities

Remote Desktop aims to solve vulnerability issues with RDP by implementing robust access and security controls.

Dolibarr ERP / CRM 14.0.2 Cross Site Scripting / Privilege Escalation

Dolibarr ERP and CRM 14.0.2 suffers from a persistent cross-site scripting vulnerability that enables privilege escalation.

Backdoor.Win32.Hupigon.gy Unauthenticated Open Proxy

Backdoor.Win32.Hupigon.gy malware suffers from an unauthenticated open proxy vulnerability.

CVE-2021-38124: Portal

Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution.

Backdoor.Win32.Hupigon.fjcd Unauthenticated Open Proxy

Backdoor.Win32.Hupigon.fjcd malware suffers from an unauthenticated open proxy vulnerability.

CVE-2021-40310: OpenSIS 8.0 'cp_id_miss_attn' - Reflected Cross-Site Scripting (XSS) PoC

OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in TakeAttendance.php via the cp_id_miss_attn parameter.

CVE-2021-36872: wordpress-popular-posts/changelog.md at master · cabrerahector/wordpress-popular-posts

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress Popular Posts plugin (versions <= 5.3.3). Vulnerable at &widget-wpp[2][post_type].

CVE-2021-22526: Potential redirection vulnerability (CVE-2021-22526)

Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4.

CVE-2021-22528: Cross-Site Scripting Vulnerability (CVE-2021-22528)

Reflected Cross-Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4.

CVE-2021-22527: Potential information leakage vulnerability (CVE-2021-22527)

Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4.
