Barracuda Agrees to Acquire Skout Cybersecurity

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database CVE-2021-23403
PUBLISHED: 2021-07-02

All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to lack of validation input.

PUBLISHED: 2021-07-02

All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality.

PUBLISHED: 2021-07-02

Emissary is a P2P-based, data-driven workflow engine. Emissary version 6.4.0 is vulnerable to Server-Side Request Forgery (SSRF). In particular, the `RegisterPeerAction` endpoint and the `AddChildDirectoryAction` endpoint are vulnerable to SSRF. This vulnerability may lead to credential leaks. Emiss…

PUBLISHED: 2021-07-02

A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA.

PUBLISHED: 2021-07-02

Kirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel’s `ListItem` component (used in the pages and files section for example) displayed HTML in page titles as it is. This could be used for cross-site scripting (XSS) attacks. Malicious authenticated Panel users can e…