Author: Cyberthreat Blog

The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors.

Cross-site scripting (XSS) vulnerability in SetucoCMS.

OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.

SetucoCMS allows remote attackers to cause a denial of service.

An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the “token” cookie issued at login.