An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-36625
https://github.com/Dolibarr/do…
Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard’s Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image.
References
https://nvd…
Cross-site Scripting (XSS) – Stored in GitHub repository vanessa219/vditor prior to 3.8.13.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-0350
https://github.com/vanessa219/vditor/commit/e912e36ea98251d700499b1ac7702708d3398476
https://huntr.de…
Impact
Applications using Asciidoctor (Ruby) with asciidoctor-include-ext (prior to version 0.4.0), which render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attac…
Impact
Users of the requiresAuth middleware, either directly or through the default authRequired option, are vulnerable to an Open Redirect when the middleware is applied to a catch all route.
If all routes under example.com are protected with the requ…
Update: [April 1, 2022]: We have updated this post with additional information about these features, including admin controls and feature availability. What’s changing We’ve added several new assistive writing features in Google Docs, which w…
昨年発売された40年ぶりとなる新作アルバム『Voyage』が世界18ヶ国のチャートで首位を獲得し、全…
What’s changing Last year we announced the beta for Google Workspace Client-side encryption. Now, this feature is generally available for Google Drive, Docs, Sheets and Slides, with support for multiple file types including Office files, PDF…
2012年に大統領として再登板したプーチンは、西側のリベラリズムによって二等国に貶められたという歴史観から「ロシアの保守主義」を打ち立てた。それは国内外からのレジーム・チェンジあるいは自由主義圧力を攻撃することでイデオロギーとしての力を獲得し、2014年のクリミア併合、ドネツク・ルガンスク独立宣言へと具…
東日本旅客鉄道株式会社(以下、JR東日本)は、New Relic株式会社(以下、New Relic)…
