A Cross-Site Scripting issue in Systran Pure Neural Server
Overview : XSS issue in WebUI Translation in Systran Pure Neural Server Affected Product(s) : Systran Pure Neural Server before
Access controls vulnerabilities in containerd containers
Overview : Access controls vulnerabilities in containerd containers Affected Product(s) : containerd v1.4.2 containerd v1.3.8 Vulnerability Details : CVE ID
Privilege issues in Kubernetes kube-apiserver
Overview : Privilege issues in Kubernetes kube-apiserver Affected Product(s) : kube-apiserver v1.18.0-1.18.5 kube-apiserver v1.17.0-1.17.8 kube-apiserver v1.16.0-1.16.12 all kube-apiserver versions prior
Unauthenticated CSV Injection in NetSkope
Overview : CSV injection in netskope Admin UI (Version 75.0) Affected Product(s) : Netskope 75.0 Vulnerability Details : CVE ID
Prediction: Cyber Space in 2021
Cyber landscape predictions FireEye Mandiant has delivered its cyber landscape predictions for the coming year, including growing and affiliate-supported espionage,
Nextcloud Latest vulnerabilities released
Overview : Multiple vulnerabilities reported in Nextcloud Affected Product(s) : Nextcloud Social app version 0.3.1 Nextcloud Social < 0.4.0 Vulnerability
Multiple vulnerabilities reported in GitLab EE
Overview : Multiple vulnerabilities reported in GitLab EE Affected Product(s) : Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. Affected versions
XSS vulnerability in Dashboards section in Kaa IoT Platform v1.2.0
Overview : Kaa IoT Platform version 1.2.0 suffers from a persistent cross site scripting vulnerability. Affected Product(s) : Kaa IoT
Permissions missuses in Nagios XI 5.7.4
Overview : Permissions missuses in Nagios Affected Product(s) : Nagios XI 5.7.4 Vulnerability Details : CVE ID : CVE-2020-5796 Improper
Remote Code Execution in CMSUno 1.6.2
Overview : Remote Code Execution in CMSUno 1.6.2 Affected Product(s) : Version: 1.6.2 Vulnerability Details : CVE ID : CVE-2020-25538
Reflected Cross-Site Scripting (XSS) on API Manager 3.1.0
Overview : Cross-Site Scripting (XSS) vulnerability on API Manager 3.1.0 Affected Product(s) : WSO2 API Manager Vulnerability Details : CVE
HTTP Prototype Pollution and CVE-2020-7703
Prototype Pollution Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing
Jira – Open redirect vulnerability using os_destination
CVE-2019-20901 Proof of Concept : The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version
Tracking Down New WordPress Popup Injection Malware
A new variant of popup injector WordPress malware is spreading and affecting 1000s of WordPress websites. The web master was
Deep Drill Down into Denial of service in nodejs webserver module nghttp2
Overview : nghttpd is a multi-threaded static web server. nghttpd only accepts HTTP/2 connections via NPN/ALPN or direct HTTP/2 connections.
NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user.
Overview : NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user. Security Advisory
WebKitGTK and WPE WebKit Security Advisory WSA-2020-0004
Overview : A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that
Security Advisory for Post-Authentication Stack Overflow on Some Routers and Modem Routers
Overview : Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56,
Overview : Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before
Security Advisory for Post-Authentication Command Injection on Some Routers and Gateways, PSV-2018-0352
Overview : Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6220 before 1.0.0.52, D6400
Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small.
Overview : Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated
Rockwell Automation RSLinx Classic versions 4.1.00 and prior, an authenticated local attacker could modify a registry key
Overview : In Rockwell Automation RSLinx Classic versions 4.1.00 and prior, an authenticated local attacker could modify a registry key,
MongoDB Enterprise Kubernetes Operator 1.2.5
Overview : X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes
The Argo Project is an open source provider of Kubernetes CI/CD workflows, facilitating Infrastructure as Code.
Overview : In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to