Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-48967: A new RCE vulnerability · Issue #226 · noear/solon

Ssolon <= 2.6.0 and <=2.5.12 is vulnerable to Deserialization of Untrusted Data.

CVE
#vulnerability#web#mac#git#java#intel#rce#ldap#firefox
CVE-2023-48910: GitHub - microcks/microcks: Kubernetes native tool for mocking and testing API and micro-services. Microcks is a Cloud Native Computing Foundation sandbox project 🚀

Microcks up to 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.

Sophisticated Booking.com Scam Targeting Guests with Vidar Infostealer

By Deeba Ahmed Vidar infostealer is capable of stealing browsing data, including passwords, cryptocurrency wallet credentials, and other personal information. This is a post from HackRead.com Read the original post: Sophisticated Booking.com Scam Targeting Guests with Vidar Infostealer

CVE-2023-48966: CVE/ThinkAdmin directory traversal+file upload getshell.md at main · 1dreamGN/CVE

An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file.

CVE-2023-48965: CVE/ThinkAdmin Logical defect getshell.md at main · 1dreamGN/CVE

An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file.

GHSA-4g6q-77j7-vvjc: Logging of the firestore key within nodejs-firestore

A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue

TinyDir 1.2.5 Buffer Overflow

TinyDir versions 1.2.5 and below suffer from a buffer overflow vulnerability with long path names.

PHPJabbers Appointment Scheduler 3.0 CSV Injection

PHPJabbers Appointment Scheduler version 3.0 suffers from a CSV injection vulnerability.

PHPJabbers Appointment Scheduler 3.0 Missing Rate Limiting

PHPJabbers Appointment Scheduler version 3.0 suffers from a missing rate limiting control that can allow for resource exhaustion.