Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service via the administrative web interface. Date published : 2021-07-07 https://docs.pexip.com/admin/security_bulletins.htm#CVE-2021-31925 https://docs.pexip.com/admin/security_bulletins.htm
IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212. Date published : 2021-07-07 https://www.ibm.com/support/pages/node/6469449 https://exchange.xforce.ibmcloud.com/vulnerabilities/202212
Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel. Date published : 2021-07-07...
The Agent in NinjaRMM 5.0.909 has Insecure Permissions. Date published : 2021-07-07 https://improsec.com/tech-blog/privilege-escalation-vulnerability-in-ninjarmm https://www.ninjarmm.com
The Agent in NinjaRMM 5.0.909 has Incorrect Access Control. Date published : 2021-07-07 https://improsec.com/tech-blog/privilege-escalation-vulnerability-in-ninjarmm https://www.ninjarmm.com
An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the imagelist view of com_media leads to a XSS vulnerability. Date published : 2021-07-07 https://developer.joomla.org/security-centre/860-20210705-core-xss-in-com-media-imagelist.html
An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install action in com_installer lack the required hardcoded ACL checks for superusers. A default system is not affected cause the default ACL for com_installer is...
An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly termine existing user sessions when a user’s password was changed or the user was blocked. Date published : 2021-07-07 https://developer.joomla.org/security-centre/858-20210703-core-lack-of-enforced-session-termination.html
An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table. Date published : 2021-07-07 https://developer.joomla.org/security-centre/857-20210702-core-dos-through-usergroup-table-manipulation.html
An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the rules field of the JForm API leads to a XSS vulnerability. Date published : 2021-07-07 https://developer.joomla.org/security-centre/856-20210701-core-xss-in-jform-rules-field.html
Prototype pollution vulnerability in ‘just-safe-set’ versions 1.0.0 through 2.2.1 allows an attacker to cause a denial of service and may lead to remote code execution. Date published : 2021-07-07 https://github.com/angus-c/just/commit/dd57a476f4bb9d78c6f60741898dc04c71d2eb53 https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25952
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space Date published :...
An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details Date published : 2021-07-07 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22233.json https://gitlab.com/gitlab-org/gitlab/-/issues/329446
A denial of service in user’s profile page is found starting with GitLab CE/EE 8.0 that allows attacker to reject access to their profile page via using a specially crafted username. Date published :...