Cross-site Scripting (XSS) – Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-2890
https://github.com/yetiforcecompany/yetiforcecrm/commit/2c14baaf8dbc7fd82d5c585f2fa0c23528…
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data method
References
https://nvd.nist.gov/vuln/detail/CVE-2022-…
The AP officers account is authorized to Backup and Restore the Database, Due to this he/she can download the backup and see the password hash of the System Administrator account, The weak hash (MD5) of the password can be easily cracked and get the ad…
Cross-site Scripting (XSS) – Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-2885
https://github.com/yetiforcecompany/yetiforcecrm/commit/a9ad9ee089b575855b9e5e202b4990a158…
In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality. This lack of access control can be leveraged to performe a cross site scripting attack.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-35909
https…
A stored cross-site scripting (XSS) vulnerability in Kirby’s Starterkit v3.7.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tags field.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-35174
h…
lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-36599
https://github.com/omniauth/omniauth/commit/43a396f181ef7d0ed2ec8291c939c95e3e…
Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-35540
https://github.com/dotnetcore/AgileConfig/issues/91
ht…
Impact
A low severity security issue was discovered affecting parsing of the RPC result of the exit reason in case of EVM reversion. In release build, this would cause the exit reason being incorrectly parsed and returned by RPC. In debug build, this w…
Ward Beullens found a practical key-recovery attack against Rainbow.
The level I parametersets are removed from liboqs starting from version 0.7.2.
Find the scientific details in Breaking Rainbow Takes a Weekend on a Laptop.
This means all the oqs::sig…
