386 matches found
CVE-2022-40842
ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-Side Request Forgery (SSRF) via rotateimg.php...
Palo Alto Networks Cortex XSOAR data forgery issue vulnerability
Palo Alto Networks Cortex XSOAR is a Security Orchestration, Automation and Response (SOAR) platform from Palo Alto Networks, USA. Palo Alto Networks Cortex XSOAR suffers from a data forgery issue vulnerability that originates from a local elevation of privilege (PE), which allows a local attacker wit...
CVE-2022-40488
ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF)...
Apple macOS data forgery issue vulnerability
Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. Apple macOS suffers from a data forgery vulnerability, which arises from an application that may be able to bypass code signature checks...
CVE-2022-38580
Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF)...
node-saml data forgery issue vulnerability
node-saml is a SAML library that does not depend on any framework running in Node.js. A data forgery issue vulnerability exists in versions prior to node-saml 4.0.0-beta.5, which can be exploited by an attacker to bypass SAML authentication on a website using passport-saml...
PT-2022-25818 · Unknown · Secp256K1-Js
Name of the Vulnerable Software and Affected Versions: secp256k1-js versions prior to 1.1.0. Description: The issue is related to the implementation of ECDSA in the secp256k1-js package, which lacks required r and s validation. This omission can lead to signature forgery. Recommendations: For...
WordPress plugin 3D Tag Cloud cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
CVE-2022-36032 ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes...
Cognex 3D-A1000 Dimensioning System security vulnerability
The Cognex 3D-A1000 Dimensioning System is a compact industrial smart camera capable of capturing moving objects in 3D and 2D from Cognex Corporation. A security vulnerability exists in Cognex 3D-A1000 Dimensioning System version 1.0.3 3354 and prior versions, which is caused by invalid log outpu...
Aruba AOS-CX cross-site request forgery vulnerability
Aruba AOS-CX is a modern programmable network from Aruba. A security vulnerability exists in Aruba AOS-CX. No information about this vulnerability is available at this time; please stay tuned to CNNVD or the vendor announcement...
CVE-2021-39394
mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add user accounts and modify user information...
Emerson Proficy Machine Edition data forgery issue vulnerability
Emerson Proficy Machine Edition is an application from Emerson, Inc. an automation solution. A data forgery issue vulnerability exists in Emerson Proficy Machine Edition version 9.00 and prior versions, which stems from the lack of authentication or authorization of packets after a connection is...
Emerson ControlWave data forgery issue vulnerability
Emerson ControlWave is a highly programmable controller from Emerson Electric U.S. that combines the unique capabilities of a Programmable Logic Controller (PLC) and a Remote Terminal Unit (RTU) into a hybrid controller. A data forgery vulnerability exists in all versions of Emerson ControlWave, whic...
WordPress plugin Transposh WordPress Translation cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Transposh WordPres...
SUSE SLES12 Security Update : gpg2 (SUSE-SU-2022:2529-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2529-1 advisory. - GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other...
Multiple Schneider Electric products data forgery issue vulnerability
The Schneider Electric OPC UA Modicon Communication Module and the Schneider Electric X80 advanced RTU Communication Module are both products of the French company Schneider Electric. The Schneider Electric OPC UA Modicon Communication Module is an Ethernet communication module with an embedded O...
Motorola Solutions ACE1000 data forgery issue vulnerability
The Motorola Solutions ACE1000 is a remote terminal unit from Motorola Solutions USA. A data forgery vulnerability exists in the Motorola Solutions ACE1000 version that originates from allowing custom applications to be installed via the STS software, the C Toolkit, or the ACE1000 Easy...
Khoros Forum code issue vulnerability
Khoros Forum Lithium Forum is a forum system from the US-based Khoros Corporation. A security vulnerability exists in the 2017 Q1 release of Khoros Forum Lithium Forum, which stems from a server-side request forgery vulnerability discovered via the uploadurl parameter...
Omron SYSMAC CS/CJ/CP Series and NJ/NX Series data forgery issue vulnerability
Omron SYSMAC CS/CJ/CP Series and Omron SYSMAC NJ/NX Series are products of Omron Corporation, Japan. Omron SYSMAC CS/CJ/CP Series is a series of programmable controllers. Omron SYSMAC NJ/NX Series is a series of machine automation controllers. Omron SYSMAC NJ/NX Series is a series of machine...