PT-2022-23483 · Wellcms · Wellcms
Name of the Vulnerable Software and Affected Versions: Wellcms version 2.2.0 Description: The issue is related to Cross Site Request Forgery CSRF, which is a type of attack that tricks a user into performing unintended actions on a web application. Recommendations: For Wellcms version 2.2.0, as a...
CVE-2022-31204
Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations such as project/logic uploads and downloads. This...
PT-2022-22019 · Benjamin Balet · Jorani
Name of the Vulnerable Software and Affected Versions: Benjamin BALET Jorani version 1.0 Description: The issue is related to a Cross-Site Request Forgery CSRF in the component /application/controllers/Users.php. This allows for unauthorized actions to be performed on behalf of a user without the...
PT-2022-20956 · Mercury · Mercury Mipc451-4
Name of the Vulnerable Software and Affected Versions: MERCURY MIPC451-4 version 1.0.22 Build 220105 Rel.55642n Description: The issue is a remote code execution RCE vulnerability. It can be exploited via a crafted POST request. Recommendations: For MERCURY MIPC451-4 version 1.0.22 Build 220105...
Xiaomi Mi Browser open redirection vulnerability
Xiaomi Mi Browser is a lightweight web browser from Xiaomi Technology China, Inc. A security vulnerability exists in Xiaomi Mi Browser prior to version 15.8, caused by the browser not validating incoming data. An attacker could exploit this vulnerability to perform sensitive...
Tenda AX12 Cross-Site Request Forgery Vulnerability (CNVD-2022-63551)
Tenda AX12 is a dual-band gigabit Wi-Fi 6 wireless router from Tenda, China. Tenda AX12 V22.03.01.21CN is vulnerable to cross-site request forgery. An attacker could use the vulnerability to forge malicious requests and trick victims into clicking them to perform sensitive operations...
CVE-2020-14116
An intent redirection vulnerability in the Mi Browser product. This vulnerability is caused by the Mi Browser not verifying the validity of incoming data. Attackers can perform sensitive operations by exploiting this...
Information disclosure
An intent redirection vulnerability in the Mi Browser product. This vulnerability is caused by the Mi Browser not verifying the validity of incoming data. Attackers can perform sensitive operations by exploiting this...
PT-2022-3548 · Aethon · Aethon Tug Home Base Server
Name of the Vulnerable Software and Affected Versions: Aethon TUG Home Base Server versions prior to version 24 Description: The issue is related to weaknesses in the authorization procedure of the server. It allows a remote attacker to exploit the weakness, potentially enabling them to add and...
PT-2021-4361 · Moxa · Moxa Mxview
Name of the Vulnerable Software and Affected Versions: Moxa MXView versions 3.x through 3.2.2 Description: The issue is related to an insecure transmission of credentials in the Moxa MXView network management software. It also involves a path traversal vulnerability that may allow an attacker to...
JEESNS Cross-site Request Forgery Vulnerability
JEESNS is a social management system developed on the Java enterprise platform. JEESNS version 1.4.2 is vulnerable to cross-site request forgery. An attacker can use this vulnerability to elevate privileges and perform sensitive program operations...
Cross-site request forgery (CSRF)
Jeesns 1.4.2 contains a cross-site request forgery (CSRF) vulnerability which allows attackers to escalate privileges and perform sensitive program operations...
Sqlite Cross-Site Request Forgery Vulnerability
SQLite is a lightweight, ACID-compliant relational database management system. A security vulnerability exists in sqlite-web that allows sensitive operations to be performed without verifying that the request originates from the application...
Unauthorized Access Vulnerability in Network Video Surveillance System of Tianmai Technology
Tianmai Technology is a national high-tech enterprise focusing on the field of intelligent public transportation. The company's main business is to provide comprehensive solutions for urban bus operation, management and service based on Telematics technology. There is an unauthorized access...
CVE-2020-36125
Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attacker through requesting the endpoint directly...
CVE-2021-21327
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. In GLPI before version 9.5.4, a non-authenticated user can remotely instantiate an object of any class existing in the GLPI environment, which can be used to...
CVE-2020-11673
An issue was discovered in the Responsive Poll plugin through 1.3.4 for WordPress. It allows an unauthenticated user to manipulate polls, e.g., delete, clone, or view a hidden poll. This is due to the usage of the wpajaxnopriv callback function in Includes/Total-Soft-Poll-Ajax.php for sensitive operatio...
CVE-2020-11673
CVE-2020-11673 affects the WordPress Responsive Poll plugin (versions