Month: June 2022

Ars Technicaは6月7日(米国時間)、「iPhones will be required …

Maritime engineers have launched a “world first” commercially viable workboat that “flies” above the water using electric-powered hydrofoils. The eco-friendly vessels deploy the same foiling technology used by America’s Cup racing yachts, with hydrofoi…

The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Execution when it exposes JavaScript’s Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript’s Function constructor.
Refere…

Cross-site Scripting (XSS) – Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-1997
https://github.com/francoisjacquet/rosariosis/commit/6b22c0b5b40fad891c8cf9e7eeff3e42a35c0bf8
h…

Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-1996
https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10…

Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-30875
https://github.com/mustgundogdu/Research/edit/main/Dolibar_12.0.5-ReflectedXSS,
https://github.com/mustgundogdu/…

api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-31313
https://github.com/rakeshrkz7/as_api_res/issues/1
https://pypi.org/project/api-res-py/
http://…

米俳優マシュー・マコノヘイさんが7日、ホワイトハウスの会見場で銃規制の必要性を訴えた。 マコノヘイさ…