Every1's a fraud 'cuz they pick & choose what they show.

CVE-2023-23596: OS Command Injection in Nginx Proxy Manager

An OS command injection vulnerability exists in versions of Nginx Proxy Manager prior to 2.9.19.

CVE-2023-22493: Server Side Request Forgery (SSRF) in RSSHub

RSSHub is vulnerable to SSRF attacks. An attacker can send arbitrary HTTP requests from the server to other servers or resources on the network.

CVE-2022-3023: DSN Injection in TiDB Server Importer

TiDB server (importer CLI tool) prior to version 6.4.0 & 6.1.3 is vulnerable to data source name injection. The database name for generating...

CVE-2022-29256: OS Command Injection in sharp

sharp prior to version 0.30.4 is vulnerable to OS command injection. The PKG_CONFIG_PATH environment variable is used to install...

CVE-2022-23942: Hard-coded Credentials in Apache Doris

Apache Doris uses a hardcoded key and IV to initialize the cipher used for the LDAP password, which may lead to information disclosure.