An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5…

Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via crafted Socket.IO messages…

All versions of the package ithewei/libhv are vulnerable to Cross-site Scripting (XSS) such that when a file with a name containing a malicious payload is…

All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when untrusted user input is used to build headers values. An attacker can…

All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user input is used to set request headers. An attacker can add…

A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside…

Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the ‘first_name’ and ‘last_name’ parameters of user.php page, allowing an authenticated attacker…

Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the ’email’ parameter of index.php page, allowing an external attacker to dump…

Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 of 2). Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku…

Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to…