18 matches found
MAL-2025-40722 Malicious code in zaki-bakwan62-sukiwir (npm)
The package zaki-bakwan62-sukiwir was found to contain malicious code...
CVE-2025-40722
Stored Cross-Site Scripting XSS vulnerability in versions prior to Flatboard 3.2.2 of Flatboard Pro, consisting of a stored XSS due to lack of proper validation of user input, through the replace parameter in /config.php/tags...
CVE-2025-40722 Stored Cross-Site Scripting (XSS) vulnerability on Flatboard
Stored Cross-Site Scripting XSS vulnerability in versions prior to Flatboard 3.2.2 of Flatboard Pro, consisting of a stored XSS due to lack of proper validation of user input, through the replace parameter in /config.php/tags...
CVE-2025-40722 Stored Cross-Site Scripting (XSS) vulnerability on Flatboard
Stored Cross-Site Scripting XSS vulnerability in versions prior to Flatboard 3.2.2 of Flatboard Pro, consisting of a stored XSS due to lack of proper validation of user input, through the replace parameter in /config.php/tags...
CVE-2025-40722
CVE-2025-40722 :A stored XSS exists in Flatboard Pro prior to 3.2.2 due to insufficient validation of user input via the replace parameter in /config.php/tags. The issue affects Flatboard Pro versions before 3.2.2 and can lead to stored XSS as described in multiple sources in the connected docume...
CVE-2022-40722
A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...
CVE-2024-40722
creationtimestamp| type| source ---|---|--- 2024-08-02 14:01:17+00:00| seen| https://t.me/cvedetector/2343 2024-08-09 17:34:13+00:00| seen| https://t.me/arvinclub1/1132...
CVE-2024-40722
CVE-2024-40722 affects the TCBServiSign Windows Version from CHANGING Information Technology. The vulnerability is caused by an API that does not properly validate the length of server-side input, enabling unauthenticated remote attackers to trigger a stack-based buffer overflow when a user visit...
CVE-2024-40722 CHANGING Information Technology TCBServiSign Windows Version - Stack-based Buffer Overflow
The specific API in TCBServiSign Windows Version from CHANGING Information Technology does does not properly validate the length of server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the TCBServiSign, temporarily...
CVE-2022-40722
A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...
CVE-2022-40722
CVE-2022-40722 concerns a misconfiguration of RSA padding in the PingID Adapter for PingFederate used to support Offline MFA with PingID mobile authenticators. Red Hat, NVD, CNNVD and other sources describe that this faulty padding enables pre-computed dictionary attacks that bypass offline MFA. ...
CVE-2022-40722 Misconfiguration of RSA padding for offline MFA in the PingID Adapter for PingFederate.
A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...
CVE-2022-40722 Misconfiguration of RSA padding for offline MFA in the PingID Adapter for PingFederate.
A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...
CVE-2021-40722
creationtimestamp| type| source ---|---|--- 2022-01-14 00:23:57+00:00| seen| https://t.me/cibsecurity/35461...
CVE-2021-40722 AEM Forms Improper Restriction of XML External Entity Reference
AEM Forms Cloud Service offering, as well as version 6.5.10.0 and below are affected by an XML External Entity XXE injection vulnerability that could be abused by an attacker to achieve RCE...
CVE-2021-40722
Adobe Experience Manager (AEM) – CVE-2021-40722 affects AEM Forms Cloud Service and on-prem 6.5.10.0 and earlier via an XML External Entity (XXE) injection that can lead to RCE. The connected advisories list this CVE as part of APSB21-103 and note remediation by upgrading to 6.5.11.0 or applying ...
Adobe: AEM forms XXE Vulnerability
AEM Forms Cloud Service offering, as well as version 6.5.10.0 and below are affected by an XML External Entity XXE injection vulnerability that could be abused by an attacker to achieve RCE. CVE: CVE-2021-40722 Ref: https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html We...
Apple OS X Software Update Command Execution
This module exploits a feature in the Distribution Packages, which are used in the Apple Software Update mechanism. This feature allows for arbitrary command execution through JavaScript. This exploit provides the malicious update server. Requests must be redirected to this server by other means...