6573 matches found
CVE-2022-1592 Server-Side Request Forgery in scout in clinical-genomics/scout
Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2022-1617)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2022-1641)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-1584 Reflected XSS in microweber/microweber
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim...
Cross site scripting
Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability can be arbitrarily executed javascript code to steal user'cookie, perform HTTP request, get content of same origin page, etc...
CVE-2022-1554
Path Traversal due to sendfile call in GitHub repository clinical-genomics/scout prior to 4.52...
Path traversal
Path Traversal due to sendfile call in GitHub repository clinical-genomics/scout prior to 4.52...
Improper neutralization of formula elements in yii-helpers
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-sided command injection, code execution, or remote ex-filtration of contained...
GHSA-F9P3-H6CG-2CJR Improper neutralization of formula elements in yii-helpers
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-sided command injection, code execution, or remote ex-filtration of contained...
CVE-2022-1544
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-sided command injection, code execution, or remote ex-filtration of contained...
An attacker can execute malicious javascript in Live Helper Chat
Cross-site Scripting XSS in GitHub repository livehelperchat/livehelperchat prior to 3.99v. Attacker can execute malicious javascript on application...
GHSA-9HGC-WPC5-V8P9 An attacker can execute malicious javascript in Live Helper Chat
Cross-site Scripting XSS in GitHub repository livehelperchat/livehelperchat prior to 3.99v. Attacker can execute malicious javascript on application...
CVE-2022-1543
Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server...
Design/Logic Flaw
Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server...
CVE-2022-24900
Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The os.path.join call is unsafe for use with untrusted input. When the os.path.join call encounters an absolute...
Path traversal
Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The os.path.join call is unsafe for use with untrusted input. When the os.path.join call encounters an absolute...
CVE-2022-24900 Absolute Path Traversal due to incorrect use of `send_file` call in Piano LED Visualizer
Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The os.path.join call is unsafe for use with untrusted input. When the os.path.join call encounters an absolute...
CVE-2022-24900 Absolute Path Traversal due to incorrect use of `send_file` call in Piano LED Visualizer
Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The os.path.join call is unsafe for use with untrusted input. When the os.path.join call encounters an absolute...
CVE-2022-24900 Absolute Path Traversal due to incorrect use of `send_file` call in Piano LED Visualizer
Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The os.path.join call is unsafe for use with untrusted input. When the os.path.join call encounters an absolute...
CVE-2022-1533
Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. This vulnerability is capable of arbitrary code execution...