SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability that allows attackers to build and send queries without sanitization.
// weekly digest
// weekly digest
// weekly digest
2022-01-17 00:00 UTC 2022-01-23 23:59 UTC
// total
0
// critical
0
// high
0
// medium
0
// low
0
// new kev
17
// top critical
No CRITICAL CVEs published this week.
// top high
No HIGH CVEs published this week.
// new kev additions
SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability that allows attackers to build and send queries without sanitization.
Microsoft Windows Win32k contains a vulnerability that allows an attacker to escalate privileges.
ActionForm in Apache Struts versions before 1.2.9 with BeanUtils 1.7 contains a vulnerability that allows for denial-of-service (DoS).
The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution.
Improper sanitization in the extension file names is present in Drupal core.
Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.
In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request.
Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.
Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.
Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.