CVE-2022-41294 - How a CORS Issue in IBM Robotic Process Automation Opens the Doors to API Abuse
IBM Robotic Process Automation (RPA) lets businesses automate routine tasks by letting bots talk to APIs. But what if those APIs had a security hole
CVE-2022-39275 Saleor is a GraphQL platform that was affected by a vulnerability allowing access to data that should only be accessible to the authenticated user.
We would also like to announce that our security team has recently discovered another issue related to the GraphQL API. This new issue, discovered by
CVE-2022-3273 Allocation of resources in GitHub repository ikus060/rdiffweb prior to 2.5.0a4 was not limited or throttled.
GitHub now limits the amount of data that can be pulled at once, so you will need to scale up your read task to avoid
CVE-2022-32171 Zinc versions v0.1.9 - v0.3.1 are vulnerable to Stored XSS when using the delete user functionality.
The following example shows how to create an XSS payload by injecting JavaScript into the user id field of a user.
When making changes to
CVE-2022-2783 In Octopus Server, session cookies could be used as CSRF tokens.
which could allow an attacker to gain access to a system without a cookie being issued. This has been fixed in a security hotfix that