CVE-2022-31034 Argo CD v0.11.0 is vulnerable to SSO login attacks when initiated from the Argo CD CLI or UI.
A vulnerable Argo CD installation can be uncovered by an attacker by monitoring the rate of successful OAuth2/OIDC login attempts. What is important to
CVE-2022-31017 Zulip is an open-source team collaboration tool. Versions 2.1.0 through 5.2 are vulnerable to a logic error
Zulip is an open-source team collaboration tool. Versions 2.1.0 through and including 5.2 are vulnerable to a logic error. A stream configured
CVE-2022-32999 The cloudlabeling package was discovered to contain a code execution backdoor.
The cloudlabeling package is the most commonly used software package management tool in the Python ecosystem and actively maintained by the Python community. PyPI is
CVE-2022-29097 Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API
Dell WMS 3.6.2 and onwards contains a Cross-site Request Forgery (CSRF) vulnerability in the Configuration API. A malicious user could potentially exploit this
CVE-2022-32209 - XSS in Rails HTML Sanitizer – What You Need to Know
TL;DR:
A cross-site scripting (XSS) vulnerability was discovered in all versions of Rails::Html::Sanitizer when both select and style tags are allowed. Every