Kirby CMS 3.5.3.1 – ‘file’ Cross-Site Scripting (XSS)
>> AUTHOR: deepcore
Kirby CMS 3.5.3.1 – ‘file’ Cross-Site Scripting (XSS)
Montiorr version 1.7.6m suffers from a cross site scripting vulnerability via a file upload.
This Metasploit module exploits a pre-auth server-side request forgery (CVE-2021-21975) and post-auth file write (CVE-2021-21983) in VMware vRealize Operations Manager to leak admin creds and write/execute a JSP payload. CVE-2021-21975…
WordPress WPGraphQL plugin version 1.3.5 suffers from a denial of service vulnerability.
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests; however, that feature is disabled by default. In Druid versions prior to 0.20.1, an…
Kimai version 1.14 suffers from a CSV injection vulnerability.
Kimai 1.14 – CSV Injection
Montiorr 1.7.6m – File Upload to XSS
WordPress Plugin WPGraphQL 1.3.5 – Denial of Service
Worm.Win32.Busan.k malware suffers from an insecure transit vulnerability.