CVE-2022-1345 Stored XSS via .svg file upload in causefx/organizr
Stored XSS via .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse...
CVE-2022-1344 Stored XSS due to no sanitization in the filename in causefx/organizr
Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse...
CVE-2022-1344
CVE-2022-1344 : Stored XSS in Organizr (causefx/organizr) due to missing sanitization of filenames, affecting versions prior to 2.1.1810. Malicious script in a filename can run in the user’s browser, with potential for session hijacking and data exposure. Affected: Organizr before 2.1.1810. Mitig...
CVE-2022-1339
SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability can be used to steal data...
CVE-2022-1339
CVE-2022-1339: Pimcore prior to 10.3.5 is affected by SQL injection in ElementController.php, enabling unauthorized data access. Root cause: lack of input validation leading to SQL injection in Pimcore’s ElementController.php. Affected versions are before 10.3.5. Impact: potential data co...
CVE-2022-1339 SQL injection in ElementController.php in pimcore/pimcore
SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability can be used to steal data...
CVE-2022-0436
Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2...
Path traversal
Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2...
CVE-2022-1330
CVE-2022-1330 affects the fullpage.js library prior to 4.0.4. The vulnerability is a stored cross-site scripting (XSS) flaw caused by unsanitized anchor URLs in href attributes, which can allow injected JavaScript when a page uses fullpage.js. Supported sources consistently describe a stored XSS ...
CVE-2022-1330 Stored XSS due to unsanitized anchor URL in alvarotrigo/fullpage.js
Stored XSS due to unsanitized anchor URL in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4. Stored XSS...
CVE-2022-0436 Path Traversal in gruntjs/grunt
Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2...
mruby buffer overflow vulnerability (CNVD-2022-31850)
mruby is a lightweight implementation of the Ruby language. A security vulnerability exists in the GitHub repository mruby/mruby versions prior to 3.2, which stems from a heap buffer overflow in mrb_vm_exec in mruby/mruby. An attacker could exploit this vulnerability to execute arbitrary code...
Privilege escalation
Incorrect Permission Assignment for Critical Resource in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation...
CVE-2022-1297
Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash...
CVE-2022-1296
Out-of-bounds read in r_bin_ne_get_relocs function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash...
Cross site scripting
Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash...