Kazuyoshi Saito's 22nd original album overall, "PINEAPPLE," to be released on Wednesday, April 12, …
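CRYPTREC Cipher List and specifications revised for the first time since 2013
The Cryptographic Technology Study Group and related committees (CRYPTREC) of the Digital Agency, the Ministry of Internal Affairs and Communications, and the Ministry of Economy, Trade and Industry, on March 31, CR…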
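"PopuPiano": improve at the piano as if playing a game; lightweight, compact and easy to carry
Wired Music (Saitama City), which imports, sells and plans musical instruments, "PopuPiano (ポップピ…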
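A must-read for startups aiming for PMF! Sairu's Kota Kurihara teaches "The Keeper Edition: 11 Success Patterns for PMF" [Seed Zemi Report No. 5]
The fifth report on "Seed Zemi," a course for early-stage startups (organized by Vitamin Inc.), covers "PMF (Product-Market Fit) Patterns and the Actions Required" by Kota Kurihara, President and CEO of Sairu Inc. […]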
[xml2js] xml2js is vulnerable to prototype pollution
xml2js versions before 0.5.0 allow an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.
References
…
[thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to cross-site scripting (XSS) via stopword parameter
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to cross-site scripting (XSS) because it fails to sanitize user input in the stopword parameter. This has been fixed in 3.1.12.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1884
https://github.co…
[thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via FAQ News link parameter
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the FAQ News link parameter. This has been fixed in 3.1.12.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1757
https…
[grumpydictator/firefly-iii] Firefly III insufficiently expires sessions
Firefly III prior to 6.0.0 insufficiently expires sessions upon close.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1788
https://github.com/firefly-iii/firefly-iii/commit/68f398f97cbe1870fc098d8460bf903b9c3fab30
https://huntr.dev/bounties/7932…
[thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to business logic errors
thorsten/phpmyfaq prior to 3.1.12 allows users with edit-only permissions to add and delete categories and add FAQs. This has been fixed in 3.1.12.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1887
https://github.com/thorsten/phpmyfaq/commit/4…
[thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to authentication bypass
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to authentication bypass by capture-relay that allows unlimited comments to be sent. This has been fixed in 3.1.12.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1886
https://github.com/thorsten/p…