Tag
#git
Ssolon <= 2.6.0 and <=2.5.12 is vulnerable to Deserialization of Untrusted Data.
Microcks up to 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.
By Deeba Ahmed Vidar infostealer is capable of stealing browsing data, including passwords, cryptocurrency wallet credentials, and other personal information. This is a post from HackRead.com Read the original post: Sophisticated Booking.com Scam Targeting Guests with Vidar Infostealer
An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file.
An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file.
A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue
kkFileView v4.3.0 is vulnerable to Incorrect Access Control.
TinyDir versions 1.2.5 and below suffer from a buffer overflow vulnerability with long path names.
PHPJabbers Appointment Scheduler version 3.0 suffers from a CSV injection vulnerability.
PHPJabbers Appointment Scheduler version 3.0 suffers from a missing rate limiting control that can allow for resource exhaustion.