Marcio Almeida

Researcher fromTanto Security
#12712of 53,632
21.2Total CVSS
Vulnerabilities · 3
Medium
1
High
1
Critical
1
PT-2025-20551
9.3
2025-05-09
Kong · Kong Insomnia Desktop Application · CVE-2025-1087
**Name of the Vulnerable Software and Affected Versions** Kong Insomnia Desktop Application versions prior to 11.0.2 **Description** The Kong Insomnia Desktop Application is susceptible to a template injection issue. This flaw stems from inadequate validation of user-provided input during template string processing, potentially enabling attackers to execute arbitrary JavaScript code within the application's context. The vulnerability allows for remote code execution via cookies and imports. **Recommendations** Versions prior to 11.0.2 should be updated to version 11.0.2 or later.
PT-2024-29091
4.4
2024-07-29
Apple · Macos Monterey · CVE-2024-40834
**Name of the Vulnerable Software and Affected Versions** macOS Sonoma versions 14.0 through 14.5 macOS Monterey versions 12.0 through 12.7.5 macOS Ventura versions 13.0 through 13.6.7 **Description** The issue allows a shortcut to potentially bypass sensitive Shortcuts app settings. This is addressed by adding an additional prompt for user consent. The vulnerability may enable arbitrary command execution and file leaks across all Apple devices. **Recommendations** For macOS Sonoma versions 14.0 through 14.5, update to macOS Sonoma 14.6. For macOS Monterey versions 12.0 through 12.7.5, update to macOS Monterey 12.7.6. For macOS Ventura versions 13.0 through 13.6.7, update to macOS Ventura 13.6.8.
PT-2022-25819
7.5
2022-09-25
Dompdf · Dompdf · CVE-2022-41343
**Name of the Vulnerable Software and Affected Versions** Dompdf versions prior to 2.0.1 **Description** The issue allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a `@font-face` rule. This is related to the `registerFont` function in `FontMetrics.php`. **Recommendations** For versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider disabling the `registerFont` function in `FontMetrics.php` to prevent remote file inclusion until a patch is applied. Restrict access to the `FontMetrics.php` file to minimize the risk of exploitation. Avoid using the `@font-face` rule in affected API endpoints until the issue is resolved.