CVE-2022-4190
CVE-2022-4190 affects Google Chrome/Chromium prior to version 108.0.5359.71, due to insufficient data validation in Directory. A remote attacker could bypass file system restrictions via a crafted HTML page. The Chrome blog release notes document fixes for this and related CVEs; chromium/chrome m...
CVE-2022-4190
Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Chromium security severity: Medium...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 28 security fixes, including: 1379054 High CVE-2022-4174: Type Confusion in V8. Reported by Zhenghang Xiao @Kipreyyy on 2022-10-27 1381401 High CVE-2022-4175: Use after free in Camera Capture. Reported by Leecraso and Guang Gong of 360 Alpha Lab on...
CVE-2022-3603
The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV injection...
Arbitrary Code Execution
badaso/core is vulnerable to arbitrary code execution. The vulnerability exists because the construct function of BadasoAuthController.php does not properly validate the data uploaded by the users, allowing an attacker to inject and execute malicious commands...
Badaso vulnerable to Remote Code Execution (RCE)
Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users...
CVE-2022-41705
Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users...
Code injection
Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users...
Badaso code issue vulnerability
Badaso is an open source Laravel Vue headless CMS. A remote command execution vulnerability exists in uatech Badaso version 2.6.3, which stems from a failure to properly validate user uploaded data and can be exploited by an unauthenticated, remote attacker to remotely execute arbitrary code on t...
PT-2022-26034 · Badaso · Badaso
Name of the Vulnerable Software and Affected Versions: Badaso version 2.6.3 Description: The issue allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users...
Google TensorFlow buffer overflow vulnerability (CNVD-2022-80680)
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A buffer overflow vulnerability exists in Google TensorFlow, which stems from tf.raw_ops.ResizeNearestNeighborGrad's lack of length size validation of the input data. An attacker could exploi...
Google TensorFlow tf.raw_ops.FusedResizeAndPadConv2D buffer overflow vulnerability
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A buffer overflow vulnerability exists in Google TensorFlow versions prior to 2.7.4, 2.8.0 and later, 2.8.1 and later, 2.9.0 and later, and 2.9.1 and earlier, which originates from "tf.rawops...
Design/Logic Flaw
The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when it is output in a CSV file, which could lead to CSV injection...
Trend Micro Apex One Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...
CVE-2022-3634 Contact Form 7 Database Addon < 1.2.6.5 - CSV Injection
The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does not validate data when outputting it back in a CSV file, which could lead to CSV injection...
PT-2022-23098 · WordPress · Easy Digital Downloads
Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads WordPress plugin versions prior to 3.1.0.2 Description: The issue concerns the lack of data validation when outputting to a CSV file, potentially leading to CSV injection. This could allow malicious data to be injected...
CVE-2022-3600 Easy Digital Downloads < 3.1.0.2 - Unauthenticated CSV Injection
The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when it is output in a CSV file, which could lead to CSV injection...