Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2019-15582: HackerOne

An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment.

CVE
Open in Source
#git

Related news

CVE-2021-34647: Submissions.php in ninja-forms/trunk/includes/Routes – WordPress Plugin Repository

The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via the /ninja-forms-submissions/export REST API which can include personally identifiable information.

CVE-2021-34648: Recently Patched Vulnerabilities in Ninja Forms Plugin Affect Over 1 Million Site Owners

The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the /ninja-forms-submissions/email-action REST API which can be used to socially engineer victims.

CVE-2021-38412: Digi PortServer TS 16 | CISA

Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to achieve further control in.

CVE-2020-21082: There are CSRF and XSS vulnerabilities in the background, which can be combined to steal user cookies and administrator cookies · Issue #2 · magicblack/maccms8

A cross-site scripting (XSS) vulnerability in the background administrator article management module of Maccms 8.0 allows attackers to steal administrator and user cookies via crafted payloads in the text fields for Chinese and English names.

CVE-2021-38174: SAP Security Patch Day – September 2021 - Product Security Response at SAP - Community Wiki

When a user opens manipulated files received from untrusted sources in SAP 3D Visual Enterprise Viewer version - 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.

CVE-2018-5729: [SECURITY] Fedora 26 Update: krb5-1.15.2-7.fc26 - package-announce - Fedora Mailing-Lists

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.

CVE-2018-5730: [SECURITY] Fedora 26 Update: krb5-1.15.2-7.fc26 - package-announce - Fedora Mailing-Lists

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE