29 matches found

OSV
added 2026/05/08 5:44 a.m. · 3 views

BIT-JRE-2022-21549

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated...

CVSS 5.3 · AI score 6.7 · EPSS 0.00248
Exploits 0 · References 7
Positive Technologies
added 2026/05/08 12:00 a.m. · 4 views

PT-2026-38767

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated...

CVSS 5.3 · AI score 5.8 · EPSS 0.00248
Exploits 0 · References 8
Positive Technologies
added 2026/05/06 12:00 a.m. · 4 views

PT-2026-37746

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated...

CVSS 5.3 · AI score 5.8 · EPSS 0.00248
Exploits 0 · References 8
Tenable Nessus
added 2026/04/23 12:00 a.m. · 2 views

Oracle Tuxedo (April 2026 CPU)

The 22.1.0 and 22.1.1 versions of Tuxedo installed on the remote host are affected by a vulnerability as referenced in the April 2026 CPU advisory. - Vulnerability in the Oracle Tuxedo product of Oracle Fusion Middleware (component: Docs-ATMI-IB (Net-SNMP)). Supported versions that are affected are...

CVSS 9.8 · AI score 5.8 · EPSS 0.00594
Exploits 2 · References 3
EUVD
added 2026/03/05 6:30 a.m. · 4 views

EUVD-2026-9527

The Apocalypse Meow plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 22.1.0. This is due to a flawed logical operator in the type validation check on line 261 of ajax.php — the condition uses && (AND) instead of || (OR), causing the...

CVSS 4.9 · AI score 6 · EPSS 0.00061
Exploits 0 · References 11
Cvelist
added 2026/03/05 4:21 a.m. · 28 views

CVE-2026-3523 Apocalypse Meow <= 22.1.0 - Authenticated (Administrator+) SQL Injection via 'type' Parameter

The Apocalypse Meow plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 22.1.0. This is due to a flawed logical operator in the type validation check on line 261 of ajax.php — the condition uses && (AND) instead of || (OR), causing the...

CVSS 4.9 · EPSS 0.00061
Exploits 0 · References 10
ATTACKERKB
added 2026/03/05 4:21 a.m. · 1 views

CVE-2026-3523

The Apocalypse Meow plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 22.1.0. This is due to a flawed logical operator in the type validation check on line 261 of ajax.php — the condition uses && (AND) instead of || (OR), causing the...

CVSS 4.9 · AI score 5.9 · EPSS 0.00061
Exploits 0 · References 11
Vulnrichment
added 2026/03/05 4:21 a.m. · 2 views

CVE-2026-3523 Apocalypse Meow <= 22.1.0 - Authenticated (Administrator+) SQL Injection via 'type' Parameter

The Apocalypse Meow plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 22.1.0. This is due to a flawed logical operator in the type validation check on line 261 of ajax.php — the condition uses && (AND) instead of || (OR), causing the...

CVSS 4.9 · AI score 6 · EPSS 0.00061
Exploits 0 · References 10
Patchstack
added 2026/03/04 11:15 p.m. · 4 views

WordPress Apocalypse Meow plugin <= 22.1.0 - Authenticated (Administrator+) SQL Injection via 'type' Parameter vulnerability

Authenticated Administrator+ SQL Injection via 'type' Parameter vulnerability discovered by Louis Deschanel - Patrowl in WordPress Plugin Apocalypse Meow versions <= 22.1.0...

CVSS 4.9 · AI score 6 · EPSS 0.00061
Exploits 0 · References 1 · Affected Software 1
EUVD
added 2025/10/03 8:07 p.m. · 1 views

EUVD-2022-1016

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.5 · EPSS 0.00026
Exploits 1 · References 5
RedhatCVE
added 2025/05/22 11:27 p.m. · 2 views

CVE-2022-0576

Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0...

CVSS 6.1 · AI score 6.3 · EPSS 0.00006
Exploits 1 · References 1
RedhatCVE
added 2025/02/05 11:58 p.m. · 4 views

CVE-2022-29184

GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0, it is possible for existing authenticated users who have permissions to edit or create pipeline materials or pipeline configuration repositories to get remote code execution capability on the GoCD server via configuring a...

CVSS 8.8 · AI score 7.8 · EPSS 0.05295
Exploits 0 · References 1
OSV
added 2024/06/15 12:00 a.m. · 15 views

OPENSUSE-SU-2024:11806-1 python310-treq-22.1.0-1.1 on GA media

These are all security issues fixed in the python310-treq-22.1.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 6.5 · AI score 6.6 · EPSS 0.0023
Exploits 0 · References 1
Prion
added 2023/08/07 7:15 p.m. · 13 views

Code injection

Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query /api/0/api-tokens/ for a list of all tokens created by a user, including tokens with greater scopes, and use...

CVSS 5.5 · AI score 8 · EPSS 0.00164
Exploits 1 · References 5 · Affected Software 1
OSV
added 2023/08/07 6:27 p.m. · 19 views

CVE-2023-39349 Sentry vulnerable to privilege escalation via ApiTokensEndpoint

Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query /api/0/api-tokens/ for a list of all tokens created by a user, including tokens with greater scopes, and use...

CVSS 8.1 · AI score 7.9 · EPSS 0.00164
Exploits 1 · References 7
Vulnrichment
added 2023/08/07 6:27 p.m. · 8 views

CVE-2023-39349 Sentry vulnerable to privilege escalation via ApiTokensEndpoint

Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query /api/0/api-tokens/ for a list of all tokens created by a user, including tokens with greater scopes, and use...

CVSS 8.1 · AI score 8 · EPSS 0.00164
Exploits 1 · References 5
Cvelist
added 2023/03/29 12:00 a.m. · 11 views

CVE-2022-2560

This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP 22.1.0 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpFile class. The issue results from the lack of proper...

CVSS 8.2 · AI score 9.3 · EPSS 0.31921
Exploits 0 · References 1
CNNVD
added 2023/03/29 12:00 a.m. · 2 views

Enterprise Distributed Technologies CompleteFTP Server Path Traversal Vulnerability

Enterprise Distributed Technologies CompleteFTP Server is a Windows-based SFTP (SSH File Transfer Protocol) server from Enterprise Distributed Technologies, Australia. A path traversal vulnerability exists in Enterprise Distributed Technologies CompleteFTP Server version v22.1.0, which arises from...

CVSS 9.1 · AI score 7.8 · EPSS 0.31921
Exploits 0 · References 2
Positive Technologies
added 2022/10/12 12:00 a.m. · 1 views

PT-2022-26514 · Ipswitch · Ipswitch Whatsup Gold

Name of the Vulnerable Software and Affected Versions: Ipswitch WhatsUp Gold versions prior to 22.1.0 Description: The issue is related to the SNMP MIB Walker application endpoint, which failed to properly sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary...

CVSS 9.6 · AI score 9.4 · EPSS 0.00516
Exploits 0 · References 5
RedHat Linux
added 2022/07/27 1:22 p.m. · 2 views

OpenJDK: random exponentials issue (Libraries, 8283875)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated...

CVSS 5.3 · AI score 7.2 · EPSS 0.00248
Exploits 0 · References 4