PT-2022-24327 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinal CMS version 5.1.0 Description: The issue allows for SQL Injection via the "/admin/article/list approve" API endpoint. Recommendations: For JFinal CMS version 5.1.0, update to a newer version that contains a fix for this issue. At the...
PT-2022-24326 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinal CMS version 5.1.0 Description: The issue allows for SQL Injection via the "/admin/article/list" API endpoint. Recommendations: For JFinal CMS version 5.1.0, update to a newer version that contains a fix for this issue...
PT-2022-24331 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinal CMS version 5.1.0 Description: The issue allows for SQL Injection via the "/admin/folderrollpicture/list" API endpoint. Recommendations: For JFinal CMS version 5.1.0, update to a newer version that contains a fix for this issue. At the...
PT-2022-24329 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinal CMS version 5.1.0 Description: The issue allows for SQL Injection via the "/admin/contact/list" API endpoint. Recommendations: For JFinal CMS version 5.1.0, update to a newer version that contains a fix for this issue...
PT-2022-24321 · Unknown · Apartment Visitor Management System
Name of the Vulnerable Software and Affected Versions: Apartment Visitor Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the editid parameter at the "/avms/edit-apartment.php" API endpoint. There is no...
PT-2022-24365 · Tenda · Tenda Ac18
Name of the Vulnerable Software and Affected Versions: Tenda AC18 router versions 15.03.05.05 through 15.03.05.19 Description: A stack overflow issue was discovered, affecting the Tenda AC18 router. The issue occurs via the urls parameter at the "/goform/saveParentControlInfo" API endpoint...
PT-2022-24364 · Tenda · Tenda Ac18
Name of the Vulnerable Software and Affected Versions: Tenda AC18 router versions 15.03.05.05 through 15.03.05.19 Description: A stack overflow issue was discovered via the time parameter at the "/goform/saveParentControlInfo" API endpoint. Recommendations: For versions 15.03.05.05 through...
PT-2022-23521 · Unknown · Garage Management System
Name of the Vulnerable Software and Affected Versions: Garage Management System version 1.0 Description: The issue is related to a persistent cross-site scripting (XSS) vulnerability. This vulnerability can be exploited via the brand name parameter at the "/brand.php" API endpoint. Recommendations:...
Mattermost: DoS via Playbook
An attacker could create a playbook with a large value for the runsummarytemplate attribute, which doesn't have any size check or validation. This could cause the server to consume an abnormal amount of computing resources and ultimately crash, leading to a denial of service attack. The attack is...
PT-2022-23476 · Tenda · Tenda Ac9
Name of the Vulnerable Software and Affected Versions: Tenda AC9 version 15.03.05.19 Description: A stack overflow issue was discovered via the deviceList parameter at the "/goform/setMacFilterCfg" API endpoint. Recommendations: For Tenda AC9 version 15.03.05.19, avoid using the deviceList...
PT-2022-23825 · D Link · D-Link Dir-816
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 version A2 v1.10CNB04.img Description: The network can be initialized without authentication via the "/goform/wizard end" API endpoint. Recommendations: For D-Link DIR-816 version A2 v1.10CNB04.img, as a temporary workaround,...
PT-2022-23475 · Tenda · Tenda Ac9
Name of the Vulnerable Software and Affected Versions: Tenda AC9 version 15.03.05.19 Description: A stack overflow issue was discovered via the list parameter at the "/goform/setPptpUserList" API endpoint. Recommendations: For Tenda AC9 version 15.03.05.19, avoid using the list parameter in the...
PT-2022-23860 · Piwigo · Piwigo
Name of the Vulnerable Software and Affected Versions: Piwigo version 12.3.0 Description: The issue is related to cross-site scripting (XSS) and can be exploited via the "/search/1940/created-monthly-list" API endpoint. This allows for malicious scripts to be injected into the website...
PT-2022-23824 · D Link · Dir-816
Name of the Vulnerable Software and Affected Versions: D-link DIR-816 A2 version 1.10CNB04 Description: The issue is related to command injection via the /goform/NTPSyncWithHost API endpoint. This allows for potential malicious commands to be executed. There is no information provided about the...
PT-2022-4568 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.10 through 15.1.6 GitLab CE/EE versions 15.2 through 15.2.4 GitLab CE/EE versions 15.3 through 15.3.2 Description: A vulnerability in GitLab CE/EE allows an authenticated user to achieve remote code execution via the...
PT-2022-23480 · Unknown · Pagekit Cms
Name of the Vulnerable Software and Affected Versions: Pagekit CMS version 1.0.18 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under the "/blog/post/edit" API endpoint. The Markdow...
PT-2022-23546 · Unknown · Simple Task Scheduling System
Name of the Vulnerable Software and Affected Versions: Simple Task Scheduling System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/classes/Master.php?f=delete category" API endpoint. Recommendation...
PT-2022-23449 · Unknown · Kensite Cms
Name of the Vulnerable Software and Affected Versions: Kensite CMS version 1.0 Description: The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities can be exploited via the name and oldname parameters at the "/framework/mod/db/DBMapper.xml" API endpoint. Recommendations:...
PT-2022-23459 · Unknown · Edoc-Doctor-Appointment-System
Name of the Vulnerable Software and Affected Versions: Edoc-doctor-appointment-system version 1.0.1 Description: The issue is related to a reflected cross-site scripting (XSS) vulnerability. This vulnerability is located at the "/patient/index.php" API endpoint and allows attackers to execute...
CVE-2022-36804
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before...