168 matches found

CVE
added 2021/12/28 1:30 a.m., 39 views

CVE-2021-20873

CVE-2021-20873 affects Yappli Android Apps built with Yappli versions 7.3.6 through 9.30.0. The issue is improper authorization in the Custom URL Scheme handler, which can direct the app to unintended sites via a crafted URL. Reported impact includes potential leakage or alteration of internal in...

8.1 CVSS, 7.8 AI score, 0.00842 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2021/12/28 1:30 a.m., 17 views

CVE-2021-20873

Yappli is an application development platform which provides the function to access a requested URL using Custom URL Scheme. When Android apps are developed with Yappli versions since v7.3.6 and prior to v9.30.0, they are vulnerable to improper authorization in Custom URL Scheme handler, and may ...

8 AI score, 0.00842 EPSS
Exploits: 0, References: 2
CNVD
added 2021/12/24 12:0 a.m., 18 views

Yappli has unspecified vulnerabilities

Yappli, an application development platform from Yappli Japan, has a security vulnerability in Yappli Android Apps that could be exploited by attackers to access malicious websites containing carefully constructed URLs, where the application could be directed to connect to certain unintended...

8.1 CVSS, 2.6 AI score, 0.00842 EPSS
Exploits: 0, References: 1
CNVD
added 2021/12/17 12:0 a.m., 19 views

ThinkPHP SQL Injection Vulnerability (CNVD-2021-103660)

ThinkPHP is a PHP-based, open source, lightweight web application development framework from China Top Think Information Technology. ThinkPHP has a SQL injection vulnerability; no detailed vulnerability information is provided...

9.8 CVSS, 0.9 AI score, 0.01374 EPSS
Exploits: 1, References: 1
CNVD
added 2021/11/11 12:0 a.m., 20 views

Siemens Mendix incorrect authorization vulnerability

Siemens Mendix is a low-code application development platform from Siemens, a German company. The platform provides application development, testing, deployment and iteration. Siemens Mendix contains a security vulnerability...

6.8 CVSS, 2.3 AI score, 0.00565 EPSS
Exploits: 0, References: 1
CNVD
added 2021/11/05 12:0 a.m., 18 views

DAQFactory Deserialization Vulnerability

DAQFactory is a software and application development platform that provides a variety of tools that allow you to easily create HMI/SCADA applications. A deserialization vulnerability exists in DAQFactory 18.1 Build 2347 and earlier versions. An attacker can exploit this vulnerability to corrupt...

7.8 CVSS, 7.6 AI score, 0.00765 EPSS
Exploits: 0, References: 1
CNVD
added 2021/11/05 12:0 a.m., 26 views

DAQFactory Man-in-the-Middle Attack Vulnerability

DAQFactory is a software and application development platform that provides a variety of tools that allow you to easily create HMI/SCADA applications. A man-in-the-middle attack vulnerability exists in DAQFactory 18.1 Build 2347 and earlier versions. The vulnerability can be exploited by an...

6.3 CVSS, 6.1 AI score, 0.0057 EPSS
Exploits: 0, References: 1
Fedora
added 2021/10/27 2:9 a.m., 33 views

[SECURITY] Fedora 34 Update: qt-4.8.7-61.fc34

Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling...

1.7 AI score
Exploits: 0
Rapid7 Blog
added 2021/09/30 2:24 p.m., 30 views

The 2021 OWASP Top 10 Have Evolved: Here's What You Should Know

Late last week, the Open Web Application Security Project (OWASP) released its top 10 list of critical web application security risks. The last OWASP Top 10 came out in 2017, and in the intervening 4 years, we've seen a fundamental shift in application security that includes greater emphasis on...

7.6 AI score
Exploits: 0
Trend Micro Simply Security
added 2021/07/15 12:0 a.m., 9 views

5 #TrendTips for Open Source Security

You use many application development tools to create your next masterpiece, but you also need to ensure you're not bringing open source security risks into the equation. Find out how in this article...

1.1 AI score
Exploits: 0
CNVD
added 2021/07/15 12:0 a.m., 4 views

Unspecified Vulnerability in IBM Cloud Pak for Applications (CNVD-2021-51808)

IBM Cloud Pak for Applications is an application from IBM America, Inc. that provides cloud-native development solutions that deliver value quickly. A security vulnerability exists in IBM Cloud Pak for Applications v4.3, which can be exploited by attackers to obtain sensitive information...

4.3 CVSS, 6.4 AI score, 0.00982 EPSS
Exploits: 0, References: 1
CNVD
added 2021/06/23 12:0 a.m., 5 views

HisiPHP cross-site scripting vulnerability (CNVD-2021-49144)

HisiPHP is a free, open source, general-purpose back-end management framework based on ThinkPHP and Layui. By default it integrates permissions management, module management, plug-in management, hooks management, database management and other commonly used features to...

6.1 CVSS, 6.2 AI score, 0.00782 EPSS
Exploits: 1, References: 1
The Hacker News
added 2021/05/04 7:52 a.m., 129 views

Critical Patch Out for Critical Pulse Secure VPN 0-Day Under Attack

Ivanti, the company behind Pulse Secure VPN appliances, has released a security patch to remediate a critical security vulnerability that was found being actively exploited in the wild by at least two different threat actors. Tracked as CVE-2021-22893 (CVSS score 10), the flaw concerns "multiple us...

10 CVSS, 1.6 AI score, 0.47172 EPSS
Exploits: 9
Imperva Blog
added 2021/04/30 12:12 p.m., 35 views

Benefits of Building a Multi-prong Mousetrap for WAF Policies with ML

The reason behind buying a market-leading Web Application Firewall (WAF) is to protect your website and web applications from malicious attacks, plus complying with industry or regional data and privacy standards. In addition to the typical OWASP Top 10 vulnerabilities, WAFs need to address a litan...

7.1 AI score
Exploits: 0
CNVD
added 2021/04/23 12:0 a.m., 8 views

Pegasystem PEGA Platform Access Control Error Vulnerability (CNVD-2021-30581)

Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications for BPM (Business Process Management), Case Management, Real Time Decision Making and CRM (Customer Relationship Management). An access control error vulnerability...

6.6 CVSS, 6.6 AI score, 0.01086 EPSS
Exploits: 1, References: 1
Fedora
added 2021/03/25 12:20 a.m., 31 views

[SECURITY] Fedora 34 Update: qt-4.8.7-60.fc34

Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling...

1.7 AI score
Exploits: 0
0day.today
added 2021/03/13 12:0 a.m., 118 views

QCubed 3.1.1 SQL Injection Vulnerability

QCubed SQL Injection. Target: QCubed Framework; Vendor: QCubed; Version: all versions including 3.1.1; CVE: CVE-2020-24913; Accessibility: Remote; Severity: Critical; Author: Wolfgang Hotwagner AIT Austrian Institute of Technology. SUMMARY...

9.8 CVSS, 0.3 AI score, 0.44002 EPSS
Exploits: 5
NVD
added 2021/02/11 7:15 p.m., 21 views

CVE-2021-21307

Lucee Server is a dynamic, Java based JSR-223, tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a...

9.8 CVSS, 0.89189 EPSS
Exploits: 5, References: 7
CVE
added 2021/02/11 6:20 p.m., 256 views

CVE-2021-21307

CVE-2021-21307 : Lucee Admin has an unauthenticated remote code execution vulnerability in Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. The issue is fixed in those versions; a workaround is to block access to the Lucee Administrator. Public exploitation templates (e.g., an unordere...

9.8 CVSS, 9 AI score, 0.89189 EPSS
In wild, Exploits: 5, References: 7, Affected Software: 1
Cvelist
added 2021/01/26 6:15 p.m., 15 views

CVE-2021-23272 TIBCO BPM Cross Site Scripting (XSS)

The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack o...

4.6 CVSS, 5.5 AI score, 0.00515 EPSS
Exploits: 0, References: 1