3383 matches found

OSV
added 2022/06/23 5:15 p.m., 39 views

CVE-2022-22980

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized...

CVSS 9.8 | AI score 6.9 | EPSS 0.16903
Exploits: 3 | References: 1
NVD
added 2022/06/23 5:15 p.m., 26 views

CVE-2022-22980

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized...

CVSS 9.8 | EPSS 0.16903
Exploits: 3 | References: 1
Cvelist
added 2022/06/22 1:56 p.m., 37 views

CVE-2022-22980

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized...

AI score 9.8 | EPSS 0.16903
Exploits: 3 | References: 1
CNNVD
added 2022/06/22 12:00 a.m., 4 views

Jenkins Plugin Convertigo Mobile Platform cross-site request forgery vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from a failure to perform permission checks in the...

CVSS 8.8 | AI score 5.6 | EPSS 0.00503
Exploits: 0 | References: 4
ThreatPost
added 2022/06/21 3:19 p.m., 9 views

The Inevitable Need for Advanced Vulnerability Management

We have read enough and more news in recent times on the surge in cyberattacks. It is crystal clear that attackers are not leaving out even the tiniest of security loopholes and are coming up with smarter ways to invade our IT network. Vulnerability management is the most crucial cyber defense...

AI score 7.5
Exploits: 0 | References: 1
Code423n4
added 2022/06/18 12:00 a.m., 12 views

Upgraded Q -> M from 205 [1655579891083]

Judge has assessed an item in Issue 205 as Medium risk. The relevant finding follows: transfer and send methods are used inside the codebase. Since these methods use a 2300 gas stipend which is not adjustable, they are likely to break when calling a contract's fallback function if any contract...

AI score 6.8
Exploits: 0
OSV
added 2022/06/16 11:54 p.m., 5 views

GHSA-3JCH-9QGP-4844 Generated code can read and write out of bounds in safe code

Code generated by flatbuffers' compiler is unsafe but not marked as such. See https://github.com/google/flatbuffers/issues/6627 for details. All users that use generated code by flatbuffers compiler are recommended to: 1. not expose flatbuffer generated code as part of their public APIs 2. audit...

CVSS 9.8 | AI score 7.5
Exploits: 0 | References: 5
Securelist
added 2022/06/15 10:00 a.m., 16 views

How much does access to corporate infrastructure cost?

Division of labor. Money has been and remains the main motivator for cybercriminals. The most widespread techniques of monetizing cyberattacks include selling stolen databases, extortion using ransomware and carding. However, there is demand on the dark web not only for data obtained through an...

Exploits: 0
OPENSUSE Linux
added 2022/06/15 12:00 a.m., 48 views

Security update for caddy (moderate)

openSUSE Security Update: Security update for caddy. Announcement ID: openSUSE-SU-2022:10007-1. Rating: moderate. References: 1200279. Cross-References: CVE-2022-297182. Affected Products: openSUSE Backports SLE-15-SP4. An update that fixes one vulnerability is now available. Description: This update f...

CVSS 6.1 | AI score 6.2 | EPSS 0.00983
Exploits: 0 | References: 1
Microsoft KB
added 2022/06/14 7:00 a.m., 278 views

KB5014164 - Description of the security update for SQL Server 2014 SP3 CU4: June 14, 2022

Summary: An authenticated attacker could affect SQL Server memory when executing a...

CVSS 7.5 | AI score 8.1 | EPSS 0.01961
Exploits: 0
CNVD
added 2022/06/13 12:00 a.m., 21 views

WordPress theme Discy plugin cross-site request forgery vulnerability (CNVD-2022-61898)

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress theme Discy plugin versions prior to 5.2 contain a cross-site request forgery vulnerability that...

CVSS 4.3 | AI score 1.7 | EPSS 0.01244
Exploits: 2 | References: 1
RedHat Linux
added 2022/06/08 12:36 p.m., 2 views

java-11-openj9,java-1_8_0-openj9: unverified methods can be invoked using MethodHandles

In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles...

CVSS 5.3 | AI score 7.3 | EPSS 0.00985
Exploits: 0 | References: 4
ATTACKERKB
added 2022/06/08 10:15 a.m., 3 views

CVE-2022-1421

The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack...

CVSS 4.3 | AI score 5.5 | EPSS 0.01244
Exploits: 2 | References: 2
OSV
added 2022/06/08 10:15 a.m., 2 views

CVE-2022-1421

The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack...

CVSS 4.3 | AI score 5.9 | EPSS 0.01244
Exploits: 2 | References: 1
NVD
added 2022/06/08 10:15 a.m., 16 views

CVE-2022-1421

The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack...

CVSS 4.3 | EPSS 0.01244
Exploits: 2 | References: 1
Prion
added 2022/06/08 10:15 a.m., 16 views

Cross-site request forgery (CSRF)

The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack...

CVSS 4.3 | AI score 4.7 | EPSS 0.01244
Exploits: 2 | References: 1 | Affected Software: 1
CNNVD
added 2022/06/08 12:00 a.m., 3 views

WordPress theme Discy cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress theme Discy plugin versions prior to 5.2 contain a cross-site request forgery vulnerability that...

CVSS 4.3 | AI score 5.7 | EPSS 0.01244
Exploits: 2 | References: 2
CISA KEV Catalog
added 2022/06/08 12:00 a.m., 24 views

Adobe Acrobat and Reader Buffer Overflow Vulnerability

Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods...

CVSS 9.3 | AI score 7.2 | EPSS 0.94222
In wild | Exploits: 9
Cvelist
added 2022/06/06 8:50 a.m., 18 views

CVE-2022-1421 Discy < 5.2 - Settings Update via CSRF

The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack...

AI score 5 | EPSS 0.01244
Exploits: 2 | References: 1
Code423n4
added 2022/06/06 12:00 a.m., 10 views

Upgraded Q -> M from 119 [1654475092615]

Judge has assessed an item in Issue 119 as Medium risk. The relevant finding follows: Checking whether the receiver is capable of holding ERC721. The contract uses safeTransfer for ERC20 but uses transferFrom for ERC721 in both exercise and withdraw, which may lead to the loss of ERC721 if the...

AI score 6.9
Exploits: 0