PT-2023-22002 · Nextcloud · Nextcloud Server
Name of the Vulnerable Software and Affected Versions: Nextcloud server versions prior to 24.0.10; Nextcloud server versions prior to 25.0.4. Description: The issue affects Nextcloud server, an open source home cloud implementation, where users who should not have download permissions can still...
CVE-2023-28435 Dataease file upload interface does not verify permission or file type
Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface are not checked, so users who are not logged in can upload directly to the backend. The file type also goes unchecked, so users could upload any type of file. These vulnerabilities have bee...
answer Code Issue Vulnerability
answer is an open source knowledge-based community software. An access control error vulnerability exists in versions of answer prior to 1.0.6 that stems from insufficient session expiration. An attacker could exploit the vulnerability by using a token to gain unauthorized access to an applicatio...
answer Cross-Site Scripting Vulnerability
answer is an open source knowledge-based community software. A cross-site scripting vulnerability exists in answer versions prior to 1.0.7, which stems from stored cross-site scripting (XSS)...
github-slug-action vulnerable to arbitrary code execution
Impact: This action uses the github.head_ref parameter in an insecure way. This vulnerability can be triggered by any user on GitHub on any workflow using the action on pull requests. They just need to create a pull request with a branch name, which can contain the attack payload. Note that...
2022 Year-End API ThreatStats™ Report
In 2022, the Wallarm Threat Research team went through almost 350,000 reports to find 650 API-specific vulnerabilities, and tracked 115 published exploits impacting these vulnerabilities – all of which could negatively impact your business risk posture. The 2022 Year-End API ThreatStats™ Report...
answer Cross-Site Scripting Vulnerability
answer is an open source knowledge-based community software. A cross-site scripting vulnerability exists in versions of answer prior to 1.0.6. An attacker could exploit this vulnerability to perform a cross-site scripting attack...
CVE-2023-25816 nextcloud vulnerable to Uncontrolled Resource Consumption
Nextcloud is an open source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3. No workaround ...
Q4-2022 API ThreatStats™ Report
We’re pleased to present the latest quarterly review and analysis of API vulnerabilities and exploits. This time, we’re going to split our discussion into two parts: today this quarterly review, and soon hereafter our year-in-review report. The Q4-2022 ThreatStats™ Report...
MISP Security Vulnerability
MISP is an open source software solution. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP versions prior to 2.4.166 that stems from...
playSMS Security Vulnerability
playSMS is an open source SMS (Short Message Service) management software from Anton Raharja, an individual developer in India. A security vulnerability exists in playSMS v1.4.5 and earlier versions, which stems from a type confusion vulnerability in the component /auth/fn.php that can be exploited by ...
answer Cross-Site Scripting Vulnerability
answer is an open source knowledge-based community software. A cross-site scripting vulnerability exists in answer versions prior to 1.0.4, which stems from the presence of stored cross-site scripting (XSS)...
answer Cross-Site Scripting Vulnerability
answer is an open source knowledge-based community software. answer suffers from a cross-site scripting vulnerability. No information about this vulnerability is available at this time; please stay tuned to CNNVD or the vendor's announcement...
Talend Open Studio for MDM Code Issue Vulnerability
Talend Open Studio for MDM is an open source software from Talend Open Source. It provides master data management, data management, integration and data quality in a single platform. A code issue vulnerability exists in Talend Open Studio for MDM that stems from unknown code in the component XML...
KLA20122 Multiple vulnerabilities in Microsoft Open Source Software
Elevation of privilege vulnerability was found in Microsoft Open Source Software. Malicious users can exploit this vulnerability to gain privileges. Original advisories: CVE-2022-44689. Related products: Microsoft-Windows. CVE list: CVE-2022-44689 (critical). KB list. Solution: Install necessary updates fr...
AyaCMS and Upload Code Issue Vulnerability
AyaCMS is an extremely simple and free open source PHP website builder. A security vulnerability exists in AyaCMS v3.1.2. An attacker can use this vulnerability to upload arbitrary files...
Vulnerabilities fixed in Microsoft Azure
Vulnerabilities have been fixed in Microsoft Azure. The vulnerabilities allow a malicious party to obtain elevated privileges or to execute arbitrary code under the privileges of the user. The vulnerabilities marked CVE-2022-3602 and CVE-2022-3786 are located in OpenSSL and were previously...
GLPI Code Issue Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
CVE-2022-41535
Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /saccoshield/manageborrower.php...