
1402 matches found

CNNVD
added 2022/10/31 12:0 a.m. · 2 views

WordPress plugin LearnPress code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 8.1 · AI score 7.9 · EPSS 0.16461
Exploits 2 · References 2
Positive Technologies
added 2022/10/27 12:0 a.m. · 2 views

PT-2022-6925 · Cisco · Cisco Ise

Name of the Vulnerable Software and Affected Versions: Cisco ISE affected versions not specified Description: A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. To exploit this...

CVSS 6.3 · AI score 5 · EPSS 0.00077
Exploits 0 · References 8
OSV
added 2022/10/18 10:15 a.m. · 2 views

CVE-2022-3338

An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can lead to an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully constructed XML file throu...

CVSS 5.4 · AI score 5.8
Exploits 0 · References 1
OSV
added 2022/10/17 4:15 p.m. · 1 views

CVE-2022-23770

This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors. Remote attackers could use this vulnerability to execute malicious commands such as directory traversal...

CVSS 9.8 · AI score 5.9
Exploits 0 · References 1
CNNVD
added 2022/10/17 12:0 a.m. · 1 views

GitLab security vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A security vulnerability exists in GitLab CE/EE versions 12.8 through 15.2.5,...

CVSS 4.3 · AI score 6 · EPSS 0.00122
Exploits 0 · References 3
OSV
added 2022/10/13 5:15 a.m. · 1 views

CVE-2022-2828

In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability...

CVSS 6.5 · AI score 5.8
Exploits 0 · References 1
CNNVD
added 2022/10/07 12:0 a.m. · 1 views

Apache Airflow code issue vulnerability

Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. Apache Airflow 2.4.1 and earlier versions have a code issue vulnerability that stems from the failure of deactivated users to prevent authenticated users from continuing to use t...

CVSS 8.1 · AI score 6.9 · EPSS 0.00339
Exploits 0 · References 3
Japan Vulnerability Notes
added 2022/09/30 5:48 a.m. · 1 views

BookStack vulnerable to cross-site scripting

Overview: BookStack contains a cross-site scripting vulnerability (CWE-79). Kenichi Okuno of Mitsui Bussan Secure Directions, Inc reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An arbitrary script may be...

CVSS 5.4 · AI score 6 · EPSS 0.00373
Exploits 0 · References 6
CNNVD
added 2022/09/29 12:0 a.m. · 3 views

Discourse security vulnerability

Discourse is an open source community discussion platform. An access control error vulnerability exists in versions of Discourse prior to 2.8.9 and prior to 2.9.0.beta10. The vulnerability stems from improper access control of the API, which could be exploited to create new topics and edit existi...

CVSS 7.2 · AI score 6.8 · EPSS 0.00355
Exploits 0 · References 4
Positive Technologies
added 2022/09/29 12:0 a.m. · 1 views

PT-2022-23155 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.9 Discourse versions prior to 2.9.0.beta10 Description: The issue allows a moderator to create new and edit existing themes using the API when they should not have this capability. Recommendations: For versions...

CVSS 7.2 · AI score 4.4 · EPSS 0.00355
Exploits 0 · References 8
Positive Technologies
added 2022/09/28 12:0 a.m. · 2 views

PT-2022-6176 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software affected versions not specified Description: The issue exists due to insufficient input validation in the web UI feature of Cisco IOS XE Software, allowing an authenticated, remote attacker to perform an injection attack...

CVSS 7.2 · AI score 7.2 · EPSS 0.00197
Exploits 0 · References 4
CNNVD
added 2022/09/27 12:0 a.m. · 1 views

Zammad security vulnerability

Zammad is a suite of ticket management software from the German company Zammad. An access control error vulnerability exists in Zammad version 5.2.1. The vulnerability stems from faulty access control in the program, where Zammad's asset handling mechanism has logic that ensures that client users...

CVSS 6.5 · AI score 6.6 · EPSS 0.00214
Exploits 0 · References 2
CNNVD
added 2022/09/17 12:0 a.m. · 2 views

GitHub Advanced Security to CSV security vulnerability

GitHub Advanced Security to CSV is a library by Natalie Somersall, an individual developer in the US. It is a simple GitHub operation for grabbing the GitHub Advanced Security API and pushing it to CSV. A security vulnerability exists in versions prior to GitHub Advanced Security to CSV V1 that...

CVSS 9.8 · AI score 8.2 · EPSS 0.00423
Exploits 0 · References 3
RedHat Linux
added 2022/09/14 1:47 p.m. · 5 views

mysql: C API unspecified vulnerability (CPU Oct 2021)

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this...

CVSS 6.5 · AI score 7.3 · EPSS 0.00479
Exploits 0 · References 4
ATTACKERKB
added 2022/09/13 11:15 p.m. · 2 views

CVE-2022-38771

The mobile application in Transtek Mojodat FAM Fixed Asset Management 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request...

CVSS 9.8 · AI score 5.9 · EPSS 0.01155
Exploits 0 · References 3
CNNVD
added 2022/09/13 12:0 a.m. · 2 views

Transtek Mojodat FAM SQL injection vulnerability

Transtek Mojodat FAM is a Fixed Asset Management software from Transtek Lebanon. A security vulnerability exists in Transtek Mojodat FAM Fixed Asset Management version 2.4.6, which stems from a vulnerability that allows remote attackers to send SCRIPT tags as injected input to API requests...

CVSS 9.8 · AI score 8.4 · EPSS 0.01155
Exploits 0 · References 3
Kaspersky
added 2022/09/13 12:0 a.m. · 178 views

KLA19245 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service, obtain sensitive information, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A remote cod...

CVSS 9.8 · AI score 9.8 · EPSS 0.85212
Exploits 13 · References 75
RedHat Linux
added 2022/09/01 2:21 p.m. · 3 views

mysql: C API unspecified vulnerability (CPU Oct 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: C API. Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 4.4 · AI score 6.8 · EPSS 0.0014
Exploits 0 · References 4
Positive Technologies
added 2022/08/26 12:0 a.m. · 3 views

PT-2022-9174 · Foreman · Foreman

Name of the Vulnerable Software and Affected Versions: Foreman affected versions not specified Description: A flaw was found in the Foreman project, specifically in the Datacenter plugin, which exposes the password through the API to an authenticated local attacker with view hosts permission. Thi...

CVSS 7.8 · AI score 7.3 · EPSS 0.00033
Exploits 0 · References 5
CNNVD
added 2022/08/25 12:0 a.m. · 1 views

Archer Platform security vulnerability

Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform versions 6.8 through prior to 6.11 P3 (6.11.0.3) that stems from the inclusion of incorrect API access controls in a multi-instance system, which can compromise...

CVSS 6.5 · AI score 5.5 · EPSS 0.00327
Exploits 0 · References 3