Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java...
Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting...
The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery. Date published : 2022-09-24 https://github.com/lionello/secp256k1-js/commit/302800f0370b42e360a33774bb808274ac729c2e https://github.com/lionello/secp256k1-js/compare/1.0.1…1.1.0
In Grandstream GSD3710 in its 1.0.11.13 version, it’s possible to overflow the stack since it doesn’t check the param length before using the sscanf instruction. Because of that, an attacker could create a socket...
There exists an arbitrary memory read within the Linux Kernel BPF – Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned...
A cleartext transmission of sensitive information exists in Rocket.Chat
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content...
A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary...
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory....
A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat
Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in 3D Tag Cloud plugin
Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Optimizer plugin
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_payment.php. Date published : 2022-09-23 https://github.com/autumnmap/Bug_report/blob/main/vendors/mayuri_k/online-tours-travels-management-system/SQLi-2.md
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search_term parameter at /net-banking/transactions.php. Date published : 2022-09-23 https://github.com/0clickjacking0/BugReport/blob/main/online-banking-system/sql_injection6.md https://github.com/zakee94/online-banking-system/issues/11
