1035 matches found
PT-2023-16159 · Unknown · Sourcecodester Online Food Ordering System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Food Ordering System affected versions not specified Description: A critical vulnerability has been found in the SourceCodester Online Food Ordering System, affecting the Signup Module in the file admin class.php. The...
PT-2023-1328 · Atlassian · Jira Service Management Server
Name of the Vulnerable Software and Affected Versions: Jira Service Management Server and Data Center versions 5.3.0 through 5.5.0 Description: An authentication issue in Jira Service Management Server and Data Center allows an attacker to impersonate another user and gain access to a Jira Servic...
CVE-2022-45292
User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted...
PT-2022-27712 · Unknown · Ecommerce-Website
Name of the Vulnerable Software and Affected Versions: Ecommerce-Website version 1.0 Description: A cross-site scripting (XSS) issue in the /signupscript.php component allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter. Recommendations...
Ecommerce-Website Cross-Site Scripting Vulnerability
Ecommerce-Website is a complete e-commerce website with an administration panel, built using PHP and MySQL. A security vulnerability exists in Ecommerce-Website v1.0, which originates from the presence of cross-site scripting (XSS) in the component /signupscript.php, allowing attackers to execute arbitra...
CVE-2022-45990
A cross-site scripting (XSS) vulnerability in the component /signupscript.php of Ecommerce-Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter...
Atlassian Bitbucket 8.2.x < 8.2.4 Command Injection
According to its self-reported version number, the Atlassian Bitbucket application running on the remote host is affected by a command injection vulnerability. A remote attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This...
Atlassian Bitbucket 8.1.x < 8.1.5 Command Injection
According to its self-reported version number, the Atlassian Bitbucket application running on the remote host is affected by a command injection vulnerability. A remote attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This...
Atlassian Bitbucket 8.3.x < 8.3.3 Command Injection
According to its self-reported version number, the Atlassian Bitbucket application running on the remote host is affected by a command injection vulnerability. A remote attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This...
Atlassian Bitbucket 8.4.x < 8.4.2 Command Injection
According to its self-reported version number, the Atlassian Bitbucket application running on the remote host is affected by a command injection vulnerability. A remote attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This...
Atlassian Bitbucket < 7.6.19 Command Injection
According to its self-reported version number, the Atlassian Bitbucket application running on the remote host is affected by a command injection vulnerability. A remote attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This...
CVE-2022-43781
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and...
Command injection
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and...
PT-2022-27067 · Unknown · Backclick Professional
Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63 Description: An issue was discovered in the newsletter sign-up functionality due to the use of consecutive IDs in verification links. This allows for the enumeration of subscribers' e-mail addresses...
Grafana < 8.5.15, 9 < 9.2.4 Multiple Vulnerabilities
Grafana is prone to multiple vulnerabilities.
UBUNTU-CVE-2022-39306
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non...
CVE-2022-39306
An authentication bypass flaw was discovered in Grafana. This issue could allow a remote unauthenticated attacker to create an account and provide access to a certain organization, which can be exploited by gaining access to the signup link. The highest impacts to the system are confidentiality a...