A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large autoresponder messages.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-4044
https://hackerone.com/reports/1680241
https://matterm…
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-42095
https://github.com/backdrop/backdrop/releases/tag/1.23.0
https://g…
A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-4116
https://access.redha…
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via ‘Comment.’s
References
https://nvd.nist.gov/vuln/detail/CVE-2022-42097
https://github.com/backdrop/backdrop/releases/tag/1.23.0
https://github….
Microweber 1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-33012
https://blog.jitendrapatro.me/cve-2022-33012-account-takeover-through-pas…
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the ‘Card’ content.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-42094
https://github.com/backdrop/backdrop/releases/tag/1.23.0
https:/…
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access …
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write acces…
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access…
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to D…
