CVE-2014-3648
The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a...
CVE-2014-3650
Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise...
JAHx221 – RCE in copy/pasted PHP compat libraries, json_decode function
Posted by Eldar Marcussen on Jun 30 JAHx221 - RCE in copy/pasted PHP compat libraries, json_decode function. Several PHP compatibility libraries contain a potential...
Backdoor.Win32.EvilGoat.b / Weak Hardcoded Credentials
Posted by malvuln on Jun 30 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/20daf01e941f966b21a7ae431faefc65.txt Contact: malvuln13 () gmail com Media:...
Backdoor.Win32.Coredoor.10.a / Authentication Bypass
Posted by malvuln on Jun 30 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/49da40a2ac819103da9dc5ed10d08ddb.txt Contact: malvuln13 () gmail com Media:...
Backdoor.Win32.Cafeini.b / Weak Hardcoded Credentials
Posted by malvuln on Jun 30 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/a8fc1b3f7a605dc06a319bf0e14ca68b.txt Contact: malvuln13 () gmail com Media:...
BigBlueButton – Stored XSS in username (CVE-2022-31064)
Posted by Rick Verdoes via Fulldisclosure on Jun 30 CVE-2022-31064 - Stored Cross-Site Scripting in BigBlueButton. Exploit Title: Stored Cross-Site Scripting (XSS) in BigBlueButton...
typeorm CVE-2022-33171
Posted by lixts via Fulldisclosure on Jun 30 typeorm CVE-2022-33171 findOne(id), findOneOrFail(id) The findOne function in TypeORM before 0.3.0 can either be supplied with a...
🐞 CFP for Hardwear.io NL 2022 is OPEN!
Posted by Andrea Simonca on Jun 30 *🐞 CFP for Hardwear.io NL 2022 is OPEN!* If you have groundbreaking embedded research or an awesome open-source...
[Extension: CPSIoTSec 2022] The Workshop on CPS&IoT Security and Privacy **Submission Deadline: July 25, 2022**
Posted by alcaraz on Jun 30 [Apologies for cross-posting] Call For Papers: The Workshop...