
NVD
added 2022/06/02 2:15 p.m. · 8 views

CVE-2022-30034

Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes...

CVSS 8.6 · EPSS 0.00226
Exploits 1 · References 3
PyPA
added 2022/06/02 2:15 p.m. · 4 views

PYSEC-2022-42973

Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes...

CVSS 8.6 · AI score 7.2 · EPSS 0.00226
Exploits 1 · References 5 · Affected Software 1
ATTACKERKB
added 2022/06/02 2:15 p.m. · 3 views

CVE-2022-30034

Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes...

CVSS 8.6 · AI score 6 · EPSS 0.00226
Exploits 1 · References 4
Prion
added 2022/06/02 2:15 p.m. · 10 views

Authentication flaw

Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes...

CVSS 7.5 · AI score 8.6 · EPSS 0.00226
Exploits 1 · References 3 · Affected Software 1
UbuntuCve
added 2022/06/02 2:15 p.m. · 29 views

CVE-2022-30034

Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes...

CVSS 8.6 · AI score 7.3 · EPSS 0.00226
Exploits 1 · References 3
Positive Technologies
added 2022/05/26 12:00 a.m. · 3 views

PT-2022-23726 · Ivanti · Ivanti Avalanche

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche version 6.3.3.101 Description: This issue allows remote attackers to read arbitrary files on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can be...

CVSS 7.5 · AI score 6.7 · EPSS 0.11215
Exploits 0 · References 4
GithubExploit
added 2022/05/25 10:47 a.m. · 4 views

Exploit for Improper Authentication in Atlassian Jira_Data_Center

Atlassian Jira Seraph Authentication Bypass RCE(CVE-2022-0540)...

CVSS 9.8 · AI score 7.6 · EPSS 0.92567
Exploits 2
Rapid7 Blog
added 2022/05/24 1:41 p.m. · 15 views

A Year on from the Ransomware Task Force Report

If you follow cybersecurity, you’ve likely seen one of the many articles written recently on the one-year anniversary of the Colonial Pipeline ransomware attack, which saw fuel delivery suspended for six days, disrupting air and road travel across the southeastern states of the US. The Colonial...

Exploits 0
RedhatCVE
added 2022/05/21 12:19 a.m. · 37 views

CVE-2022-0310

Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via specific user interactions...

CVSS 8.8 · AI score 4.7 · EPSS 0.00556
Exploits 0 · References 1
RedhatCVE
added 2022/05/20 10:35 p.m. · 25 views

CVE-2021-37959

Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to engage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 · AI score 1.9 · EPSS 0.00113
Exploits 0 · References 1
OSV
added 2022/05/14 1:04 a.m. · 0 views

GHSA-H972-CWJV-2V39 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /computer/agent-name/api showed information about tasks (typically builds) currently running on that agent. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read...

CVSS 4.3 · AI score 5.8 · EPSS 0.00188
Exploits 0 · References 5
OSV
added 2022/05/13 1:15 p.m. · 4 views

CVE-2020-22983

A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task...

CVSS 8.1 · AI score 5.8 · EPSS 0.02198
Exploits 0 · References 5
NVD
added 2022/05/12 8:15 p.m. · 11 views

CVE-2020-22985

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task...

CVSS 6.1 · EPSS 0.01873
Exploits 0 · References 4
NVD
added 2022/05/12 8:15 p.m. · 10 views

CVE-2020-22986

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task...

CVSS 6.1 · EPSS 0.01905
Exploits 0 · References 5
Prion
added 2022/05/12 8:15 p.m. · 20 views

Cross site scripting

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task...

CVSS 4.3 · AI score 6.2 · EPSS 0.01873
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2022/05/12 7:58 p.m. · 15 views

CVE-2020-22986

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task...

AI score 6.1 · EPSS 0.01905
Exploits 0 · References 5
Spring Engineering
added 2022/05/10 11:00 a.m. · 15 views

This Week in Spring - May 10th, 2022

Hi, Spring fans! I'm writing this from - I can't believe I get to say this - abroad! I'm in London, UK! Now, this is not particularly noteworthy for those millions who already live here. But I don't live here. I'm a visitor! I live in San Francisco. I had to fly here! On a plane! With other people!...

AI score 0.2
Exploits 0
Prion
added 2022/05/09 9:15 p.m. · 13 views

Cross site scripting

Stored XSS in Add New Employee Form in Sourcecodester Employee Daily Task Management System 1.0 Allows Remote Attacker to Inject/Store Arbitrary Code via the Name Field...

CVSS 3.5 · AI score 5.4 · EPSS 0.00187
Exploits 1 · References 3 · Affected Software 1
CVE
added 2022/05/09 8:58 p.m. · 71 views

CVE-2021-43712

CVE-2021-43712 corresponds to a Stored XSS vulnerability in Sourcecodester’s Employee Daily Task Management System v1.0, occurring in the Add New Employee Form Name field. The incident is described across multiple sources as enabling a remote attacker to inject/store arbitrary code via the Name f...

CVSS 5.4 · AI score 5.3 · EPSS 0.00187
Exploits 1 · References 3 · Affected Software 1
CNNVD
added 2022/05/09 12:00 a.m. · 2 views

Employee Daily Task Management System Cross-Site Scripting Vulnerability

Employee Daily Task Management System is a web-based application that provides an online platform for company employees to manage their daily tasks. Employee Daily Task Management System version 1.0 contains a cross-site scripting vulnerability that could be exploited by remote attackers to injec...

CVSS 5.4 · AI score 5.8 · EPSS 0.00187
Exploits 1 · References 4