siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS).
References
https://nvd.nist.gov/vuln/detail/CVE-2022-30349
https://github.com/siteserver/cms/issues/3238
https://github.com/advisories/GHSA-4qf6-vpj8-p4r6
Flower, a web UI for the Celery Python RPC framework, in all versions as of 05-02-2022, is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutt…
HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1.
Referen…
LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-29711
https://github.com/librenms/librenms/pull/13931
https://gi…
LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-29712
https://github.com/librenms/librenms/pull/1393…
An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-29647
https://gist.github.com/aaaahuia/f708c6c8a320e0f3afbb92…
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package when an attacker is able to supply arbitrary input to the certificateFor method.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-1929
https://…
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package when an attacker is able to supply arbitrary input to the module’s exported function.
References
https://nvd.nist.gov/vuln/detail/C…
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package when an attacker is able to supply arbitrary input to the test() method.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-43307
https://re…
Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the ‘Open in browser’ option in versions up to 1.6.2, google-it will unsafely concat the result’s link retrieved…