Lucene search

1148 matches found

OSV
added 2023/12/08 12:15 a.m.

CVE-2023-5008

Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of the index.php page, allowing an external attacker to dump all the contents of the database and bypass the login control...

CVSS 9.8 · AI score 5.9 · EPSS 0.00883
Exploits 1 · References 2
Positive Technologies
added 2023/11/27 12:00 a.m.

PT-2023-30718 · Unknown · Prestashop

Name of the Vulnerable Software and Affected Versions: PrestaShop opartdevis versions 4.5.18 through 4.6.12 Description: A SQL injection issue allows a remote attacker to execute arbitrary code via a crafted script to the getModuleTranslation function. This enables the attacker to potentially...

CVSS 9.8 · AI score 9.6 · EPSS 0.01327
Exploits 1 · References 3
RedHat Linux
added 2023/11/24 4:57 p.m.

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.6 security update

A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 · AI score 7.1 · EPSS 0.99999
Exploits 19 · References 6
RedHat Linux
added 2023/11/24 4:56 p.m.

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.6 security update on RHEL 9

New Red Hat Single Sign-On 7.6.6 packages are now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 · AI score 7.1 · EPSS 0.99999
Exploits 19 · References 5
CNNVD
added 2023/11/09 12:00 a.m.

Tongda OA 2017 Security Breach

Tongda2000 is a web-based intelligent office system from China Tongda Tongda. A security vulnerability exists in Tongda OA 2017 version 11.9 and earlier versions, which stems from incorrect handling of the parameter DELETESTR that can lead to SQL injection...

CVSS 9.8 · AI score 7.3 · EPSS 0.01032
Exploits 1 · References 4
Vulnrichment
added 2023/11/07 4:50 p.m.

CVE-2022-45810 WordPress Email Subscribers & Newsletters Plugin <= 5.5.2 is vulnerable to CSV Injection

Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce. This issue affects Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce: from n/a throu...

CVSS 4.7 · AI score 8.5 · EPSS 0.00629
Exploits 0 · References 1
NVD
added 2023/11/03 5:15 a.m.

CVE-2023-41347

ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system...

CVSS 8.8 · AI score 9.1 · EPSS 0.01288
Exploits 0 · References 1
Positive Technologies
added 2023/11/02 12:00 a.m.

PT-2023-7408

Name of the Vulnerable Software and Affected Versions: ASUS RT-AX55 (affected versions not specified), ASUS RT-AC86U (affected versions not specified). Description: The authentication-related function in the affected devices has a vulnerability due to insufficient filtering of special characters within i...

CVSS 9 · AI score 8.9 · EPSS 0.01288
Exploits 0 · References 14
ATTACKERKB
added 2023/10/31 4:15 a.m.

CVE-2023-45378

In the module "PrestaBlog" (prestablog) version 4.4.7 and before from HDclic for PrestaShop, a guest can perform SQL injection. The script ajax sliderpositions.php has a sensitive SQL call that can be executed with a trivial HTTP call and exploited to forge a SQL injection...

CVSS 9.8 · AI score 7.4 · EPSS 0.00504
Exploits 0 · References 2
RedHat Linux
added 2023/10/30 11:24 a.m.

maven-shared-utils: Command injection via Commandline class

A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack...

CVSS 9.8 · AI score 7.3 · EPSS 0.04031
Exploits 0 · References 4
Mageia
added 2023/10/13 10:56 p.m.

Updated the curl packages to fix two security vulnerabilities

curl/libcurl is vulnerable to a heap buffer overflow in its SOCKS5 support that could be exploited by a remote web server when curl is configured to use a SOCKS5 proxy with remote hostname resolution. libcurl is vulnerable to a cookie injection attack where a local attacker can inject cookies int...

CVSS 9.8 · AI score 7.6 · EPSS 0.78483
Exploits 6 · References 7
OSV
added 2023/10/13 10:56 p.m.

MGASA-2023-0288 Updated the curl packages to fix two security vulnerabilities

curl/libcurl is vulnerable to a heap buffer overflow in its SOCKS5 support that could be exploited by a remote web server when curl is configured to use a SOCKS5 proxy with remote hostname resolution. libcurl is vulnerable to a cookie injection attack where a local attacker can inject cookies int...

CVSS 9.8 · AI score 7.7 · EPSS 0.78483
Exploits 6 · References 8
Zero Day Initiative
added 2023/10/11 12:00 a.m.

(Pwn2Own) Microsoft Teams Cross-Site Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Teams. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...

CVSS 5 · AI score 7.1
Exploits 0 · References 1
Github Security Blog
added 2023/09/28 6:30 a.m.

quill-mention Cross-site Scripting vulnerability

Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function. Note: If the mentions list is sourced from unsafe user-sourced data, this might allow an injection attack when a Quill user hits @...

CVSS 6.1 · AI score 6.5 · EPSS 0.0057
Exploits 1 · References 8 · Affected Software 1
OSV
added 2023/09/28 6:30 a.m.

GHSA-JGW5-RP4P-QHP6 quill-mention Cross-site Scripting vulnerability

Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function. Note: If the mentions list is sourced from unsafe user-sourced data, this might allow an injection attack when a Quill user hits @...

CVSS 6.1 · AI score 6.1 · EPSS 0.0057
Exploits 1 · References 8
Prion
added 2023/09/28 5:15 a.m.

Cross site scripting

Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function. Note: If the mentions list is sourced from unsafe user-sourced data, this might allow an injection attack when a Quill user hits @...

CVSS 5.8 · AI score 6.1 · EPSS 0.0057
Exploits 1 · References 6 · Affected Software 1
Cvelist
added 2023/09/28 5:00 a.m.

CVE-2023-26149

Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function. Note: If the mentions list is sourced from unsafe user-sourced data, this might allow an injection attack when a Quill user hits @...

CVSS 6.1 · AI score 6.4 · EPSS 0.0057
Exploits 1 · References 6
OSV
added 2023/09/27 6:15 p.m.

CVE-2023-20231

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the...

CVSS 8.8 · AI score 6 · EPSS 0.0074
Exploits 0 · References 1
Prion
added 2023/09/27 6:15 p.m.

Input validation

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the...

CVSS 6.5 · AI score 8.9 · EPSS 0.0074
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/09/27 5:19 p.m.

CVE-2023-20231

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the...

CVSS 8.8 · AI score 7.9 · EPSS 0.0074
Exploits 0 · References 1