2022年4月1日(金)0:00に正式オープンとなりました。 Moepedia美少女ゲームカレンダーは、独立した第三者審査期間である、特定非営利活動法人 知的財産振興協会(IPPA)、(一社)日本コンテンツ審査センター、 […]
猫さまに夢のお住まいを!モジュラー型ペットハウス「Purrini PlayMate」
軽量のパーツを組み上げるだけで、コテージやツリーハウスなど、思い思いのペットハウスを作れる「Purr…
[dolibarr/dolibarr] SQL Injection in Dolibarr
An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-36625
https://github.com/Dolibarr/do…
[wpanel/wpanel4-cms] Unrestricted Upload of File with Dangerous Type in WPanel 4
Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard’s Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image.
References
https://nvd…
[vditor] Cross-site Scripting in vditor
Cross-site Scripting (XSS) – Stored in GitHub repository vanessa219/vditor prior to 3.8.13.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-0350
https://github.com/vanessa219/vditor/commit/e912e36ea98251d700499b1ac7702708d3398476
https://huntr.de…
[asciidoctor-include-ext] Command Injection vulnerability in asciidoctor-include-ext
Impact
Applications using Asciidoctor (Ruby) with asciidoctor-include-ext (prior to version 0.4.0), which render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attac…
[express-openid-connect] URL Redirection to Untrusted Site (‘Open Redirect’) in express-openid-connect
Impact
Users of the requiresAuth middleware, either directly or through the default authRequired option, are vulnerable to an Open Redirect when the middleware is applied to a catch all route.
If all routes under example.com are protected with the requ…
More assistive writing suggestions in Google Docs
Update: [April 1, 2022]: We have updated this post with additional information about these features, including admin controls and feature availability. What’s changing We’ve added several new assistive writing features in Google Docs, which w…
ABBAのキャリアを網羅したCDとLP、映像作品のボックス・セットが発売決定
昨年発売された40年ぶりとなる新作アルバム『Voyage』が世界18ヶ国のチャートで首位を獲得し、全…
Stronger data security and privacy with Google Workspace Client-side encryption, GA support for Drive, Docs, Sheets, and Slides
What’s changing Last year we announced the beta for Google Workspace Client-side encryption. Now, this feature is generally available for Google Drive, Docs, Sheets and Slides, with support for multiple file types including Office files, PDF…