A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
References
https://nvd.nist.gov/vul…
RocketChat Notifier Plugin 1.4.10 and earlier does not perform a permission check in a method implementing form validation.This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and …
Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting (XSS) exploitable by attackers with Item/Configure permission or o…
Republican Rep. Darrell Issa (California) criticized Democrats and the media for censoring coverage of Hunter Biden‘s laptop to protect and help President Joe Biden win the 2020 Election. The accusation came three days after Rep. Elyse Stefanik (R-New …
米司法当局が4人のロシア政府関係者の起訴を明らかにした。4人は世界のエネルギー部門を標的としたサイバ…
スクウェア・エニックスから2022年3月18日に発売されたPS5/PS4/Xbox Series X…
Poetry prior to v1.1.9 was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malicious content. This vulnerability occurs when the appli…
In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-24302
https://github.com/paramiko/par…
This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restri…
事故や事件などによる子どもの死亡を防ぐため、過去の事例を専門家が検証することを「チャイルド・デス・レ…
