grocy 2.7.1 – Persistent Cross-Site Scripting
>> AUTHOR: deepcore
grocy 2.7.1 – Persistent Cross-Site Scripting
ManageEngine Applications Manager 14700 – Remote Code Execution (Authenticated)
https://www.pattawee.go.th/U72.html notified by Unravel72
http://www.roiet.go.th notified by TAHU PETIS
The COVR 3902 REVA router with firmware 1.01B0 has hardcoded telnet credentials.
All versions up to and prior to OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from a multitude of remote SQL injection vulnerabilities.
Nord VPN version 6.31.13.0 suffers from an unquoted service path vulnerability.
SiteMagic CMS version 4.4.2 suffers from a remote shell upload vulnerability.
Noise-Java suffers from an issue located in the ChaChaPolyCipherState.encryptWithAd() method defined in ChaChaPolyCipherState.java, where multiple boundary checks are performed to prevent invalid length or offsets from being specified for the…
Noise-Java suffers from an issue located in the AESGCMFallbackCipherState.encryptWithAd() method defined in AESGCMFallbackCipherState.java, where multiple boundary checks are performed to prevent invalid length or offsets from being specified for the…