CWE-1021 – Improper Restriction of Rendered UI Layers or Frames
Description: The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead...
CWE-102 – Struts: Duplicate Validation Forms
Description: The application uses multiple validation forms with the same name, which might cause the Struts Validator to validate a form that the programmer does...
CWE-1007 – Insufficient Visual Distinction of Homoglyphs Presented to User
Description: The software displays information or identifiers to a user, but the display mechanism does not make it easy for the user to distinguish between...
CWE-1004 – Sensitive Cookie Without ‘HttpOnly’ Flag
Description: The software uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag. The HttpOnly flag directs compatible...
USN-5448-1: ncurses vulnerabilities
It was discovered that ncurses was not properly checking array bounds when executing the fmt_entry function, which could result in an out-of-bounds write. An attacker...
CVE-2021-4232
A vulnerability classified as problematic has been found in Zoo Management System 1.0. Affected is an unknown function of the file admin/manage-ticket.php. The manipulation with...
CVE-2021-33016
An attacker can gain full access (read/write/delete) to sensitive folders due to hard-coded credentials on KUKA KR C4 control software for versions prior to 8.7...
CVE-2021-33014
An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or...
[R1] Nessus Version 8.15.5 Fixes Multiple Third-Party Vulnerabilities
Arnie Cabral, Thu, 05/26/2022 - 12:45. Nessus leverages third-party software to help provide underlying functionality. One of...
Twitter Crypto Scams: Bored Ape Yacht Club, Azuki and Other Projects Impersonated to Steal NFTs, Digital Currencies
Scammers are using verified and unverified accounts to impersonate notable NFT projects like Bored Ape Yacht Club and others, tagging Twitter users to drive them...