SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-42655
https://github.com/siteserver/cms/issues/3237
https://github.com/advisories/GHSA-5xr5-v2h7-2w7w
SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-42656
https://github.com/siteserver/cms/issues/3238
https://github.com/advisories/GHSA-2xwp-7j3p-c78x
Session Fixation in GitHub repository filegator/filegator prior to 7.8.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-1849
https://github.com/filegator/filegator/commit/fcd3995f64f5dfc6a4c2c059cc22a2fef1e81225
https://huntr.dev/bounties/881f8…
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affe…
A flaw was found in Undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0…
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-25974
https://…
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded HTML file.
References
https://nvd.nist.gov/vuln…
Impact
Possible consensus split given maliciously-crafted AttesterSlashing or ProposerSlashing being included on-chain.
Since we represent uint64 values as native JavaScript numbers, there is an issue when those variables with large (greater than 2^53)…
Impact
Disclosed by Aapo Oksman (Senior Security Specialist, Nixu Corporation).
PyJWT supports multiple different JWT signing algorithms. With JWT, an
attacker submitting the JWT token can choose the…
Impact
TensorFlow’s saved_model_cli tool is vulnerable to a code injection:
saved_model_cli run --input_exprs 'x=print("malicious code to run")' --dir ./
--tag_set serve --signature_def serving_default
This can be used to open a reverse shell …