5836 matches found
Google Chrome Security Bypass Vulnerability (CNVD-2022-85089)
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which stems from insufficient data validation in Extensions. An attacker could use this vulnerability to bypass security restrictions...
Contact Form 7 Database Addon < 1.2.6.5 - CSV Injection
The plugin does not validate data when outputting it back in a CSV file, which could lead to CSV injection. PoC: Use a Contact Form 7 form and submit an Excel formula in the message field, such as "=5+5" without quotes. Export the entry as CSV using the plugin and import it into Excel...
Google Chrome Security Bypass Vulnerability (CNVD-2022-85084)
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which is caused by insufficient data validation in the bypass file system. An attacker could use this vulnerability to bypass security restrictions...
Microsoft Edge (Chromium) < 107.0.1418.24 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 107.0.1418.24. It is, therefore, affected by multiple vulnerabilities as referenced in the October 27, 2022 advisory. - Type Confusion in V8. CVE-2022-3652 - Heap buffer overflow in Vulkan. CVE-2022-3653 - Use after fr...
Debian DSA-5261-1 : chromium - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5261 advisory. Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. For the...
GHSA-FWVC-9XHJ-26V5 Badaso vulnerable to Remote Code Execution via malicious file upload
Badaso allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users...
CVE-2022-41711
Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users...
Denial Of Service (DoS)
github.com/fluxcd is vulnerable to Denial of Service. The vulnerability exists due to the lack of data fields validation in the metav1.Duration parameter in multiple fluxcd repositories which allows an attacker to cause an application crash...
Google Chrome Input Validation Error Vulnerability
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which is caused by insufficient data validation in the bypass file system. An attacker could use this vulnerability to bypass security restrictions...
CVE-2022-41711
CVE-2022-41711 affects Badaso core (v2.6.0). An unauthenticated attacker can execute arbitrary code on the server due to improper validation of user-uploaded data. Public disclosures in multiple feeds (e.g., Red Hat, Veracode, GHSA) describe remote code execution via malicious file uploads, with ...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 107 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 107.0.5304.62 for Mac, 107.0.5304.68 for Linux and 107.0.5304.62/63 Windows contains a number of fixes and improvements -- a...
FreeBSD : chromium -- multiple vulnerabilities (b4ef02f4-549f-11ed-8ad9-3065ec8fd3ec)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b4ef02f4-549f-11ed-8ad9-3065ec8fd3ec advisory. - Type Confusion in V8. CVE-2022-3652 - Heap buffer overflow in Vulkan. CVE-2022-3653 - Use...
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 14 security fixes, including: 1369871 High CVE-2022-3652: Type Confusion in V8. Reported by srodulv and ZNMchtss at S.S.L Team on 2022-09-30 1354271 High CVE-2022-3653: Heap buffer overflow in Vulkan. Reported by SeongHwan Park SeHwa on 2022-08-19...
The vulnerability of the InnoDB component of the MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the InnoDB component in the MySQL Database Management System exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the InnoDB component of the MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the InnoDB component of the MySQL Database Server exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
Contact Form Entries < 1.3.0 - CSV Injection
The plugin does not validate data when it is output in a CSV file, which could lead to CSV injection. PoC - Submit a form using Contact Form 7, Ninja Forms, Elementor Forms or WP Forms using =5+5 as the value - Export the data as CSV /wp-admin/admin.php?page=vxcfleads - Open the CSV with a...
The vulnerability of the Safe Browsing service in Google Chrome and Microsoft Edge browsers allows a malicious actor to trigger a service failure.
The vulnerability of Google Chrome and Microsoft Edge browsers’ Safe Browsing service is related to insufficient validation of entered data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...