2 matches found
CVE-2023-37472
Knowage is affected by an SQL injection vulnerability, CVE-2023-37472, in versions prior to 8.1.8. The issue arises when user-supplied data is used to build HQL queries, allowing crafted queries to affect subsequent SQL executed by Hibernate, specifically via the endpoint /knowage/restful-services/2.0/documents/lis...
Smartsheet: Smartsheet employees email disclosure through endpoint after login.
Summary: add summary of the vulnerability After login - while validating this issue 858974 - I notice there is an endpoint call /b/home?formName=webop&formAction=SheetLabLoadData&to=68000&ssv=98.0.2 that is bringing emails from some employees. Steps To Reproduce: add details for how we can...