CVE-2022-38648 SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources.
The Apache XML Graphics Batik library is an open source library licensed under the Apache License 2.0. It provides a bridge between the needs
CVE-2022-40705 An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP 2.2 and later versions.
The most common attack scenario is an unauthenticated remote code execution. Due to the fact that RPCRouterServlet is not protected by a filter, an attacker
CVE-2022-40604 Airflow URL had a formatting issue, allowing for information extraction.
The following flow was not escaping all text within it, allowing for cross-site scripting (XSS) attacks. <a href="<%= request.getPathName() %>">
CVE-2022-39220 SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are vulnerable to Cross-site scripting (XSS) attacks due to a WebClient bug. An update is available.
SFTPGo is susceptible to Cross-site scripting (XSS) vulnerabilities in the WebClient component. According to the vendor, these vulnerabilities have been fixed in version 2.3.
CVE-2022-40955 An attacker with privileges to specify MySQL JDBC connection URL parameters and write to the database can cause deserialized data to be l
Users are advised to upgrade to Apache InLong 1.3.0 or newer. https://github.com/apache/incr/issues/2
Apache InLong 1.2.0