
ATTACKERKB
Added 2022/10/25 5:15 p.m. | 2 views

CVE-2022-42890

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16...

CVSS 7.5 | AI score 5.8 | EPSS 0.0232
Exploits: 0 | References: 6
Patchstack
Added 2022/10/25 12:00 a.m. | 20 views

WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Auth. WordPress Options Change vulnerability

Auth. WordPress Options Change vulnerability discovered by Vlad Vector (Patchstack) in the WordPress Image Hover Effects Ultimate plugin versions <= 9.7.1. Solution: Update the WordPress Image Hover Effects Ultimate plugin to the latest available version (at least 9.7.2)...

CVSS 7.2 | AI score 3.2 | EPSS 0.00798
Exploits: 0 | Affected Software: 1
CNNVD
Added 2022/10/25 12:00 a.m. | 3 views

Apache XML Graphics Batik code issue vulnerability

Apache XML Graphics Batik is a suite of Java-based applications from the Apache Foundation that are primarily used to process images in SVG format. A security vulnerability exists in versions of Apache XML Graphics prior to 1.16 that stems from a problem with Batik that allows an attacker to run...

CVSS 7.5 | AI score 7.5 | EPSS 0.0232
Exploits: 0 | References: 11
CNNVD
Added 2022/10/25 12:00 a.m. | 4 views

Apache XML Graphics Batik code issue vulnerability

Apache XML Graphics Batik is a suite of Java-based applications from the Apache Foundation that are primarily used to process images in SVG format. A security vulnerability exists in Apache XML Graphics Batik versions prior to 1.16, which stems from a problem with Batik that allows an attacker to...

CVSS 7.5 | AI score 7.5 | EPSS 0.02143
Exploits: 0 | References: 9
Code423n4
Added 2022/10/23 12:00 a.m. | 11 views

Beneficiary credit balance can unwillingly be used to mint low tier NFT

Lines of code. Vulnerability details. Impact: In the function processPayment, the provided JBDidPayData from JBPaymentTerminal is used to mint to the beneficiary. The value from JBDidPayData is summed with the beneficiary's previous credit balance. There are 2 cases where the beneficiary credit balanc...

AI score 6.7
Exploits: 0
Patchstack
Added 2022/10/21 12:00 a.m. | 19 views

WordPress Quiz And Survey Master plugin <= 7.3.6 - Multiple Insecure direct object references (IDOR) vulnerabilities

Multiple Insecure Direct Object Reference (IDOR) vulnerabilities were discovered by Vlad Vector (Patchstack) in WordPress Quiz And Survey Master plugin versions <= 7.3.6. Solution: Update the WordPress Quiz And Survey Master plugin to the latest available version (at least 7.3.7)...

CVSS 8.8 | AI score 3.1 | EPSS 0.00525
Exploits: 0 | Affected Software: 1
Patchstack
Added 2022/10/21 12:00 a.m. | 19 views

WordPress Quiz And Survey Master plugin <= 7.3.4 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities were discovered by Vlad Vector (Patchstack) in WordPress Quiz And Survey Master plugin versions <= 7.3.4. Solution: Update the WordPress Quiz And Survey Master plugin to the latest available version (at least 7.3.5)...

CVSS 5.4 | AI score 2.7 | EPSS 0.00429
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
Added 2022/10/20 11:04 a.m. | 33 views

Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management

Summary: The Kernel is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2021-22543. DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handli...

CVSS 8.7 | AI score 7.7 | EPSS 0.0066
Exploits: 1 | Affected Software: 1
OSV
Added 2022/10/19 7:00 p.m. | 17 views

GHSA-2JXX-2X93-2Q2F Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin

Generic Webhook Trigger Plugin 1.84.1 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. Generic Webhook Trigger Plugin 1.84...

CVSS 3.7 | AI score 5.5 | EPSS 0.00501
Exploits: 0 | References: 4
NVD
Added 2022/10/18 9:15 p.m. | 13 views

CVE-2022-21627

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

CVSS 4.4 | EPSS 0.00318
Exploits: 0 | References: 2
Vulnrichment
Added 2022/10/18 12:00 a.m. | 21 views

CVE-2022-21590

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware component: Core Formatting API. Supported versions that are affected are 5.9.0.0, 6.4.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

CVSS 7.6 | AI score 6.9 | EPSS 0.00645
Exploits: 0 | References: 1
BDU FSTEC
Added 2022/10/18 12:00 a.m. | 5 views

A heap-based buffer overflow vulnerability in the Adobe InDesign desktop publishing tool allows an attacker to execute arbitrary code.

The vulnerability in the Adobe InDesign desktop publishing tool is a heap-based buffer overflow. Exploiting it allows an attacker to execute arbitrary code using a specially crafted SVG file...

CVSS 7.8 | AI score 7.6 | EPSS 0.00448
Exploits: 0 | References: 5 | Affected Software: 1
BDU FSTEC
Added 2022/10/18 12:00 a.m. | 4 views

A heap-based buffer overflow vulnerability in the Adobe Photoshop graphics editor allows an attacker to execute arbitrary code.

The vulnerability in the Adobe Photoshop graphics editor is a heap-based buffer overflow. Exploiting it allows an attacker to execute arbitrary code using a specially crafted SVG file...

CVSS 7.8 | AI score 7.7 | EPSS 0.00448
Exploits: 0 | References: 5 | Affected Software: 2
BDU FSTEC
Added 2022/10/18 12:00 a.m. | 5 views

An out-of-bounds read vulnerability in the Adobe InCopy text creation and editing software allows an attacker to execute arbitrary code.

The vulnerability in the Adobe InCopy text creation and editing software is an out-of-bounds read in memory. Exploiting it could allow an attacker to execute arbitrary code using a specially crafted SVG file...

CVSS 7.8 | AI score 7.8 | EPSS 0.00448
Exploits: 0 | References: 5 | Affected Software: 1
Debian CVE
Added 2022/10/18 12:00 a.m. | 26 views

CVE-2022-21620

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...

CVSS 7.5 | AI score 7.1 | EPSS 0.00343
Exploits: 0
Debian CVE
Added 2022/10/18 12:00 a.m. | 36 views

CVE-2022-39425

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful...

CVSS 8.1 | AI score 7.2 | EPSS 0.01635
Exploits: 0
OSV
Added 2022/10/17 12:15 p.m. | 2 views

CVE-2022-3149

The WP Custom Cursors WordPress plugin before 3.0.1 does not have a CSRF check in place when creating and editing cursors, which could allow attackers to make a logged-in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor...

CVSS 6.1 | AI score 5.8 | EPSS 0.00251
Exploits: 2 | References: 1
wpexploit
Added 2022/10/17 12:00 a.m. | 83 views

Role Based Pricing for WooCommerce < 1.6.2 - Subscriber+ Arbitrary File Upload

The plugin does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated user, such as a subscriber, to upload arbitrary files, such as PHP. As a subscriber, open the HTML code below while logged in as a subscriber, then choose a file to...

CVSS 8.8 | AI score 0.4 | EPSS 0.00498
Exploits: 2
The Hacker News
Added 2022/10/13 12:17 p.m. | 96 views

New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems

A previously undocumented command-and-control (C2) framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems. "Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish remote sessions, deploy payloa...

CVSS 7.8 | AI score 1.4 | EPSS 0.94921
Exploits: 151
ATTACKERKB
Added 2022/10/11 9:15 p.m. | 1 view

CVE-2022-41200

Due to a lack of proper memory management, when a victim opens a manipulated Scalable Vector Graphic (.svg, svg.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when the payload forces a stack-based...

CVSS 7.8 | AI score 6 | EPSS 0.00546
Exploits: 0 | References: 3 | Affected Software: 1