Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 10 THN:7EF04AAF427...

New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks_THN:7EF04AAF4274557391FF629872DDC867

N/A N/A THN
MEDIUM 5.4 PACKETSTORM:224389

📄 Docmost Cross Site Scripting_PACKETSTORM:224389

Docmost versions prior to 0.71.0 suffer from a persistent cross site scripting vulnerability...

N/A N/A PACKETSTORM
MEDIUM 5.4 PACKETSTORM:224388

📄 Docmost 0.70.x Authorization Bypass_PACKETSTORM:224388

A low-privileged Docmost user could supply a victim attachmentId to the generic upload endpoint and overwrite another page's stored attachment insi...

N/A N/A PACKETSTORM
HIGH 7.6 PACKETSTORM:224380

📄 TypeBot Server-Side Request Forgery_PACKETSTORM:224380

TypeBot versions prior to 3.16.0 suffer from a server-side request forgery vulnerability...

N/A N/A PACKETSTORM
HIGH 8.6 PACKETSTORM:224376

📄 Yeoman Environment 6.0.0 Code Execution_PACKETSTORM:224376

Yeoman Environment versions 2.9.0 through 6.0.0 have an issue where missing generators can be installed without user confirmation, turning attacker...

N/A N/A PACKETSTORM
NONE PACKETSTORM:224373

📄 Penpot Server-Side Request Forgery_PACKETSTORM:224373

Penpot's remote image import let an authenticated file editor turn a normal media convenience feature into backend-origin server-side request forge...

N/A N/A PACKETSTORM
HIGH 8.3 PACKETSTORM:224372

📄 Plane Improper Authorization_PACKETSTORM:224372

Plane's asset subsystem trusted workspace slugs and asset UUIDs without enforcing the right membership checks, which let one authenticated user rea...

N/A N/A PACKETSTORM
MEDIUM 4.3 PACKETSTORM:224390

📄 Docmost 0.70.2 Authorization Bypass_PACKETSTORM:224390

In Docmost versions 0.70.0 through 0.70.2, restricted child pages hidden from public share viewers could still leak through public share search res...

N/A N/A PACKETSTORM
NONE PACKETSTORM:224403

📄 phpSysInfo 3.4.5 IP Allowlist Bypass_PACKETSTORM:224403

phpSysInfo versions 3.4.5 and below suffer from an IP Allowlist bypass vulnerability...

N/A N/A PACKETSTORM
CRITICAL 10 B351E803-26D7-

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft_B351E803-26D7-5CFC-8727-D423591F86F5

SMBGhost Scanner - CVE-2020-0796 SMBv3 vulnerability scanner SMBGhost. Detects vulnerable Windows hosts by sending a malformed SMBv3 negotiation pa...

N/A N/A GITHUBEXPLOIT