CVE-2022-22763
When a worker is shut down, it was possible to cause script to run late in the lifecycle, at a point after which it should not be possible. This vulnerability affects Firefox 96, Thunderbird 91.6, and Firefox ESR 91.6...
CVE-2022-3830
The WP Page Builder WordPress plugin through 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
Design/Logic Flaw
The rphone module has a script that can be maliciously modified. Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices...
CVE-2022-41576
CVE-2022-41576 affects Huawei HarmonyOS’s rphone module, where a script can be maliciously modified. Successful exploitation may implant irreversible programs on user devices. The provided documents do not reveal a public fix or affected versions; monitor for updates.
PT-2022-23822
Name of the Vulnerable Software and Affected Versions: Carel pCOWeb HVAC BACnet Gateway versions 2.1.0, Firmware A2.1.0 through B2.1.0, Application Software 2.15.4A Software v16 13020200. Description: The Carel pCOWeb HVAC BACnet Gateway is affected by an unauthenticated arbitrary file disclosure...
CVE-2022-38664
Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names...
CVE-2022-2679
A vulnerability was found in SourceCodester Interview Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /viewReport.php. The manipulation of the argument id with the input UPDATEXML9729,CONCAT0x2e,0x716b707071,SELECT...
CVE-2022-24992
A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal...
Ambit Technologies Itech Movie Portal Script SQL injection vulnerability
Ambit Technologies Itech Movie Portal Script is a Movie Portal Script from Ambit Technologies, USA. An SQL injection vulnerability exists in Ambit Technologies Itech Movie Portal Script version 7.36, which stems from an unknown function in shownews.php, where manipulation of the parameter id can...
Ambit Technologies Itech Movie Portal Script security vulnerability
Ambit Technologies Itech Movie Portal Script is a Movie Portal Script from Ambit Technologies, USA. A security vulnerability exists in Ambit Technologies Itech Movie Portal Script version 7.36, which stems from some unknown functionality in movie.php, where manipulation of the parameter f can lea...
CVE-2022-28612
Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb's Custom Popup Builder plugin = 1.3.1 at WordPress...
CVE-2022-28479
SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the "Role management" menu and then trigger the payload by loading the "Users management" menu...
Rescue Dispatch Management System SQL injection vulnerability
Rescue Dispatch Management System is a rescue dispatch management system by individual developer Carlo Montero. Rescue Dispatch Management System v1.0 is vulnerable to SQL injection because the /rdms/classes/Master.php?f=deletereport page lacks validation of externally entered SQL...
WordPress plugin Simple Real Estate Pack cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Simple Real Estate Pack plugin 1.4.8 and earlier versions are vulnerable to a cross-site...
CVE-2022-30286
pyscriptjs aka PyScript Demonstrator in PyScript through 2022-05-04 allows a remote user to read Python source code...
CVE-2022-1445
Stored Cross-Site Scripting vulnerability in the checkedoutto parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stealing the user's cookie...
CVE-2022-28420
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via BabyCare/admin.php?id=theme&setid=...
CVE-2022-28810
Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with...
Jenkins Extended Choice Parameter Plugin cross-site scripting vulnerability
Jenkins and Jenkins Plugin are both products of Jenkins. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from the plugin's failure to escape the value and description ...
CVE-2022-25404
Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete.php via the DELETESTR parameter...