18 matches found
RAD FT Dell Firmware A00-00 Privilege Escalation
RAD FT Firmware versions A00-00 Build WP0000051154 and prior are susceptible to a privilege escalation vulnerability due to a failure to properly filter the user-supplied input through the .NET Profiler. Exploit name: RAD FT Dell Firmware Download link:...
CVE-2023-22621
Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an email template that bypasses t...
CVE-2022-22621
This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions...
CVE-2025-22621
In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the admin_all_objects capability to the splunk_app_soar role. This addition could lead to improper access control for a low-privileged user that does not hold the "admin" Splunk roles...
CVE-2025-22621 Privilege escalation for users who hold the “splunk_app_soar” role in the Splunk App for SOAR
In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the admin_all_objects capability to the splunk_app_soar role. This addition could lead to improper access control for a low-privileged user that does not hold the "admin" Splunk roles...
CVE-2025-22621 Privilege escalation for users who hold the “splunk_app_soar” role in the Splunk App for SOAR
In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the admin_all_objects capability to the splunk_app_soar role. This addition could lead to improper access control for a low-privileged user that does not hold the "admin" Splunk roles...
Exploit for Injection in Strapi
CVE-2023-22621-POC CVE-2023-22621: SSTI to RCE by Exploiting E...
@antgineering-studio/strapi (=4.5.5), @beardeddudes/strapi-types (>=0.1.0 <=0.1.1) +126 more potentially affected by CVE-2023-22621 via @strapi/plugin-email (>=0.0.0-a230f29587d4a221c9c686ca4e467b3fb465631a <=4.5.5)
@strapi/plugin-email NPM version =0.0.0-a230f29587d4a221c9c686ca4e467b3fb465631a, =0.1.0, =1.0.1, =4.12.2, =1.0.0, =4.2.0, =4.2.2, =0.0.1, =1.0.1, =0.1.1, =1.0.9, =0.0.1, =0.0.5 and more Source cves: CVE-2023-22621 Source advisory: OSV:GHSA-2H87-4Q2W-V4HF...
@chargeover/strapi (=0.0.1-rc1.1), @cowprotocol/cms (=0.1.0-rc.5) +27 more potentially affected by CVE-2023-22621 via @strapi/plugin-users-permissions (>=4.0.0-beta.0 <=4.5.1)
@strapi/plugin-users-permissions NPM version =4.0.0-beta.0, =1.0.0-alpha.0, =2.1.0, =1.0.0, =0.1.1, =0.0.1, =0.1.0, =1.0.10, =4.3.15 - robsen-strapi-site =0.1.0 - sneakmax =0.1.0 and more Source cves: CVE-2023-22621 Source advisory: OSV:GHSA-2H87-4Q2W-V4HF...
CVE-2023-22621
CVE-2023-22621 affects Strapi up to version 4.5.5. An authenticated attacker with admin access can exploit Server-Side Template Injection (SSTI) in email templates to achieve arbitrary code execution on the server. Multiple connected sources confirm the vulnerability vector and potential RCE via ...
CVE-2023-22621
Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an email template that bypasses t...
CVE-2023-22621
creationtimestamp | type | source
---|---|---
2023-04-18 09:12:23+00:00 | published-proof-of-concept | https://t.me/ptswarm/170
2023-04-18 17:16:58+00:00 | published-proof-of-concept | Telegram/BDIuQxJm2Cl1hcH3rBtjVuiBaQPlmqaGA0Zegr2NgVBdQWM
2023-04-25 15:53:44+00:00 | published-proof-of-concept | ...
CVE-2022-22621
creationtimestamp | type | source
---|---|---
2022-03-18 21:29:12+00:00 | seen | https://t.me/cibsecurity/39256...
CVE-2022-22621
This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions...
CVE-2022-22621
This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions...
CVE-2022-22621
This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions...
CVE-2022-22621
This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions...
CVE-2022-22621
CVE-2022-22621 is an Apple issue affecting iOS/iPadOS/tvOS/watchOS/macOS where, with physical access to an iOS device, a user may see sensitive information via keyboard suggestions. The vulnerability stems from inadequate checks in the affected component (keyboard suggestions); it is mitigated by...