4 matches found
Shopware: Unauthorized Payment Trigger for Foreign Orders via /store-api/handle-payment
Summary: The Shopware Store API endpoint /store-api/handle-payment contains an object-level authorization flaw that allows a low-privileged external user with a normal customer or guest context to trigger the payment flow for another user’s order by supplying a foreign orderId. The affected...
cloud-init security vulnerability
cloud-init is an industry-standard multi-distribution method for cross-platform cloud instance initialization open-sourced by Canonical. A security vulnerability exists in cloud-init version 25.1.2 and earlier, which stems from the default SocketMode permission of 0666 for...
CVE-2022-20612
A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set...
RedHat Update for postgresql RHSA-2012:0677-01
The remote host is missing an update for the...