golang-1.16.15-3.fc35
FEDORA-2022-ffe7dba2cb Packages in this update: golang-1.16.15-3.fc35 Update description: Security fix for CVE-2022-29526 Read More
CVE-2014-3648
The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a...
CVE-2014-3650
Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise...
JAHx221 – RCE in copy/pasted PHP compat libraries, json_decode function
Posted by Eldar Marcussen on Jun 30 JAHx221 - RCE in copy/pasted PHP compat libraries, json_decode function =============================================================================== Several PHP compatability libraries contain a potential...
Backdoor.Win32.EvilGoat.b / Weak Hardcoded Credentials
Posted by malvuln on Jun 30 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/20daf01e941f966b21a7ae431faefc65.txt Contact: malvuln13 () gmail com Media:...
Backdoor.Win32.Coredoor.10.a / Authentication Bypass
Posted by malvuln on Jun 30 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/49da40a2ac819103da9dc5ed10d08ddb.txt Contact: malvuln13 () gmail com Media:...
Backdoor.Win32.Cafeini.b / Weak Hardcoded Credentials
Posted by malvuln on Jun 30 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/a8fc1b3f7a605dc06a319bf0e14ca68b.txt Contact: malvuln13 () gmail com Media:...
BigBlueButton – Stored XSS in username (CVE-2022-31064)
Posted by Rick Verdoes via Fulldisclosure on Jun 30 CVE-2022-31064 - Stored Cross-Site Scripting in BigBlueButton. ========================= Exploit Title: Stored Cross-Site Scripting (XSS) in BigBlueButton...
typeorm CVE-2022-33171
Posted by lixts via Fulldisclosure on Jun 30 typeorm CVE-2022-33171 findOne(id), findOneOrFail(id) The findOne function in TypeORM before 0.3.0 can either be supplied with a...
🐞 CFP for Hardwear.io NL 2022 is OPEN!
Posted by Andrea Simonca on Jun 30 *🐞 CFP for Hardwear.io NL 2022 is OPEN!* If you have groundbreaking embedded research or an awesome open-source...