4 matches found
GHSA-4P5R-3JMM-652Q Liferay DXP Missing Critical Step in Authentication
Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user...
Oracle MySQL Security Vulnerabilities
Oracle MySQL is an open source relational database management system from Oracle Corporation. A security vulnerability previously existed in Oracle MySQL's MySQL Installer version 1.6.8 that allowed a low-privileged attacker to log in to the infrastructure...
Oracle Solaris Security Vulnerability
Oracle Solaris is a UNIX operating system from Oracle Corporation. A security vulnerability exists in Oracle Solaris versions 10 and 11, which can be exploited by an attacker to compromise Oracle Solaris by logging into Oracle Solaris...
Nuri: HTML injection in email content
Summary: Hi, I just found an issue when registering an account at https://app.bitwala.com/onboarding/preliminary. It allows a hacker to inject malicious text, including HTML code, into the email content. Steps To Reproduce: Make the register request below with an HTML payload in the ==firstName== and ==lastName== parameters:...