65 matches found
Input validation
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password HTML input is switched to type="text" via a JavaScript "Show Password" button. This differs from the expected behavior, which always obfuscates type="password" inputs...
[SECURITY] Fedora 37 Update: rubygem-rails-7.0.4.3-1.fc37
Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration...
CVE-2022-39305
Gin-vue-admin is a back-office management system based on Vue and Gin, with separated front end and back end across the full stack. Versions prior to 2.5.4 contain a file upload ability. The affected code fails to validate the fileMd5 and fileName parameters, resulting in an arbitrary file being read. This...
MAL-2022-5647 Malicious code in react-full-stack-starter-client (npm)
Source: ghsa-malware 52fe13ffd214292aa373989d719d8be01b3890076789fa9d05fa2341385f5dc5. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3243 Malicious code in full-stack-recruitment-test (npm)
Source: ghsa-malware 3aec8517fa64d31641e62204ea4d398fdc230c44b8762289cfb3fe89a690aeec. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-24843 Path Traversal in github.com/flipped-aurora/gin-vue-admin
Gin-vue-admin is a back-office management system based on Vue and Gin, with separated front end and back end across the full stack. Gin-vue-admin 2.50 has an arbitrary file read vulnerability due to a lack of parameter validation. This has been resolved in version 2.5.1. There are no known workarounds for th...
Frourio input validation error vulnerability
Frourio is a fast and type-safe full-stack framework for TypeScript. Frourio is vulnerable to an input validation error, which stems from the validator in the product's validators/ directory failing to validate input data, and could be exploited to cause the validator to not work properly fo...
Input validation
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerabilit...
CVE-2022-24711 Remote CLI Command Execution Vulnerability in CodeIgniter4
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerabilit...
Code Execution Vulnerability in Dameng Database Management System
Wuhan Dameng Database Co., Ltd. is a company dedicated to the research, development, sales and service of database management systems and big data platforms, and it can also provide users with full-stack data products and solutions. A code execution vulnerability exists in the Dameng Database...
Input validation
Frourio is a full-stack framework for TypeScript. Frourio users who use a frourio version prior to v0.26.0 together with the class-validator integration through the validators/ folder are subject to an input validation vulnerability. Validators do not work properly for request bodies and queries in specific...
CVE-2022-23623
Frourio (TypeScript full-stack framework) versions prior to v0.26.0 using validators/ integration may fail input validation for request bodies and queries in certain cases, allowing some input to bypass validation. The root cause is improper validator behavior in the validators/ path. The advisor...
Object Computing micronaut resource management error vulnerability
Object Computing Micronaut is a JVM-based full-stack framework from US-based Object Computing, which is primarily used to build modular microservices and serverless applications. A resource management error vulnerability exists in Object Computing Micronaut, which stems from the fact that in the...
Weak Password Vulnerability in Media Server of Zhejiang YUV Technology Co.
Zhejiang YUVE Technology Co., Ltd. is a provider of AIoT products, solutions and full-stack capabilities. A weak password vulnerability exists in the media server of Zhejiang YUV Technology Co. Ltd. that allows an attacker to log in to the backend using a weak password to obtain sensitive...
We’re Hiring!
We're growing and we need to fill these 5 UK-based roles: PHP Full-Stack Developer, Pen Testing Consultant, Red Team Support, Digital Forensic Analyst, IT Support Technician. You can find all the details here. We think we're a good bunch and there are some really good perks. If you have the skills and...
Take the Full-Stack Approach to Securing Your Modern Attack Surface
A growing remote-work culture demands a step up in the approach to security. It's time to test, monitor, secure, and extend to the application layer. A modern methodology for vulnerability management (VM) is vital for organizations looking to minimize attack surfaces by prioritizing potential...
Unauthorized Access Vulnerability in YouCloud Full Stack Ops Platform
YouCloud Full Stack O&M Platform provides full-stack agile O&M products such as large-scale monitoring, network monitoring, application performance monitoring (APM), a CMDB configuration management repository, and operations automation. An unauthorized access vulnerability exists in UCloud Full Stack O&...