Recent vulnerabilities and exploits

[REVIVE-SA-2021-001] Revive Adserver Vulnerabilities...

CVE-2020-20269 - Caret Editor v4.0.0-rc21 Remote Code Execution...

[REVIVE-SA-2021-001] Revive Adserver Vulnerabilities...

[REVIVE-SA-2021-001] Revive Adserver Vulnerabilities...

Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS....

Westerndigital Mycloud.com1 Github repository available

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process....

Apache Airflow1 Github repository available

Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using utils-extend....

Utils-extend Project Utils-extend3 Github repositories available

HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker can inject arbitrary JavaScript into a HedgeDoc note, which is executed when the note is viewed in slide mode. Depending on the...

XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights. All versions until and including version 1.4.14 are affected running in a Java environment containing the JAX-WS runtime, if using the...

Xstream Project Xstream6 Github repositories available

A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to...

Cisco Asyncos1 Article available

« PREV 1 2 3 4 5 6 7 8 9 10 11 NEXT »