Güncel Güvenlik Açıkları

The web interface of ATX Ucrypt through 3.5 allows authenticated users (or attackers using default credentials for the admin, master, or user account) to include files via a URL in the /hydra/view/get_cc_url url parameter. There can be resultant SSRF. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database

A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to send a specifically crafted query to the server. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database

OroCommerce is an open-source Business to Business Commerce application. In versions 4.1.0 through 4.1.13, 4.2.0 through 4.2.10, 5.0.0 prior to 5.0.11, and 5.1.0 prior to 5.1.1, the JS payload added to the product name may be executed at the storefront when adding a note to the shopping list line item containing a vulnerable product. An…

ReportPortal is an AI-powered test automation platform. Prior to version 5.10.0 of the `com.epam.reportportal:service-api` module, corresponding to ReportPortal version 23.2, the ReportPortal database becomes unstable and reporting almost fully stops except for small launches with approximately 1 test inside when the test_item.path field is exceeded the allowable `ltree` field type indexing limit (path length>=120, approximately…