8230 matches found

Cvelist
added 2022/09/23 6:28 p.m. · 20 views

CVE-2022-35251

A cross-site scripting vulnerability exists in Rocket.chat v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but will also be able to block functionality as well as hijacking the content of targeted users. Hence the payloads are...

5.5 AI score · 0.00533 EPSS
Exploits 1 · References 1

OSV
added 2022/09/23 6:15 p.m. · 3 views

CVE-2022-40358

An issue was discovered in AjaXplorer 4.2.3, allows attackers to cause cross site scripting vulnerabilities via a crafted svg file upload...

5.4 CVSS · 5.3 AI score · 0.0052 EPSS
Exploits 1 · References 2

Trellix
added 2022/09/23 12:00 a.m. · 45 views

Ancient CVEs Can Cause You Problems

Ancient CVEs Can Cause You Problems By Kent Landfield · September 23, 2022 The Common Vulnerability and Exposures CVE Program was founded in 1999 for the purpose of giving individual cyber vulnerabilities an identifier that could be used as an interoperable means for identifying a specific...

9.1 AI score · 0.27095 EPSS
Exploits 3

Positive Technologies
added 2022/09/23 12:00 a.m. · 4 views

PT-2022-25360 · Unknown · Ajaxplorer

Name of the Vulnerable Software and Affected Versions: AjaXplorer version 4.2.3 Description: An issue in AjaXplorer allows attackers to cause cross-site scripting vulnerabilities via a crafted svg file upload. Recommendations: For AjaXplorer version 4.2.3, consider restricting the upload of svg...

5.4 CVSS · 5.5 AI score · 0.0052 EPSS
Exploits 1 · References 4

CNNVD
added 2022/09/22 12:00 a.m. · 3 views

Pydio cross-site scripting vulnerability

Pydio AjaXplorer is a web-based remote file manager from Pydio. The manager supports uploading and downloading files, online file editing, image previewing, and more. A security vulnerability exists in Pydio version 4.2.3, which can be exploited by an attacker to cause a cross-site scripting...

5.4 CVSS · 5.6 AI score · 0.0052 EPSS
Exploits 1 · References 4

Github Security Blog
added 2022/09/16 5:17 p.m. · 42 views

Talos vulnerable dependency due to race condition in Linux kernel's IP framework XFRM

Impact: A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing ...

7 CVSS · 0.3 AI score · 0.002 EPSS
Exploits 0 · References 2 · Affected Software 1

GithubExploit
added 2022/09/16 8:15 a.m. · 5 views

Exploit for SQL Injection in Jflyfox Jfinal_Cms

CVE-2022-37209 CVE-2022-37209 POC Suggested description...

8.8 CVSS · 8.9 AI score · 0.0112 EPSS
Exploits 4

CNNVD
added 2022/09/16 12:00 a.m. · 4 views

Google TensorFlow security vulnerability

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google TensorFlow, which originates when EmptyTensorList receives an input element_shape with multiple dimensions and it gives an assertion of failure. An...

7.5 CVSS · 6.6 AI score · 0.00387 EPSS
Exploits 0 · References 3

Vulnrichment
added 2022/09/15 9:45 p.m. · 5 views

CVE-2022-39213 Out-of-bounds Read in go-cvss

go-cvss is a Go module to manipulate Common Vulnerability Scoring System CVSS. In affected versions when a full CVSS v2.0 vector string is parsed using ParseVector, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. The problem is patched in tag v0.4.0, by th...

7.5 CVSS · 7.6 AI score · 0.01168 EPSS
Exploits 1 · References 3

CNNVD
added 2022/09/15 12:00 a.m. · 2 views

Go-CVSS buffer error vulnerability

Go-CVSS is a low-allocation Go module from the Lucas TESSON personal developer. It is used to operate the Common Vulnerability Scoring System CVSS. A buffer error vulnerability exists in Go-CVSS versions prior to v0.4.0, which stems from a potential out-of-bounds read due to lack of testing when...

7.5 CVSS · 7.4 AI score · 0.01168 EPSS
Exploits 1 · References 4

IBM Security Bulletins
added 2022/09/14 3:02 p.m. · 29 views

Security Bulletin: CVE-2015-7450 affects the desktop IBM Process Designer used in IBM Business Automation Workflow and IBM Business Process Manager

Summary The following vulnerability in Apache commons that affects the desktop IBM Process Designer has been addressed. Vulnerability Details CVEID:CVE-2015-7450 DESCRIPTION: Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and...

9.9 AI score · 0.97655 EPSS
Exploits 10 · Affected Software 5

NVD
added 2022/09/14 11:15 a.m. · 15 views

CVE-2022-36668

Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting XSS on several parameters. The vulnerabilities exist during creating or editing the parts under parameters. Using the XSS payload, the Stored XSS triggered and can be used for further attack vector...

5.4 CVSS · 0.00491 EPSS
Exploits 2 · References 2

Prion
added 2022/09/14 11:15 a.m. · 12 views

Cross site scripting

Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting XSS on several parameters. The vulnerabilities exist during creating or editing the parts under parameters. Using the XSS payload, the Stored XSS triggered and can be used for further attack vector...

4.9 CVSS · 5.3 AI score · 0.00491 EPSS
Exploits 2 · References 2 · Affected Software 1

Cvelist
added 2022/09/14 3:20 a.m. · 16 views

CVE-2022-36668

Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting XSS on several parameters. The vulnerabilities exist during creating or editing the parts under parameters. Using the XSS payload, the Stored XSS triggered and can be used for further attack vector...

5.5 AI score · 0.00491 EPSS
Exploits 2 · References 2

Positive Technologies
added 2022/09/13 12:00 a.m. · 2 views

PT-2022-5152 · Adobe · Photoshop

Name of the Vulnerable Software and Affected Versions: Adobe Photoshop versions 22.5.8 and earlier Adobe Photoshop versions 23.4.2 and earlier Description: The issue is related to a Heap-based Buffer Overflow that could result in arbitrary code execution in the context of the current user...

7.8 CVSS · 7.6 AI score · 0.00553 EPSS
Exploits 0 · References 5

Positive Technologies
added 2022/09/13 12:00 a.m. · 2 views

PT-2022-5081 · Adobe · Bridge

Name of the Vulnerable Software and Affected Versions: Adobe Bridge versions 12.0.2 and earlier Adobe Bridge versions 11.1.3 and earlier Description: The issue is related to an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. This...

7.8 CVSS · 7.7 AI score · 0.00395 EPSS
Exploits 0 · References 4

Positive Technologies
added 2022/09/13 12:00 a.m. · 4 views

PT-2022-5109 · Adobe · Incopy

Name of the Vulnerable Software and Affected Versions: Adobe InCopy versions 17.3 and earlier Adobe InCopy versions 16.4.2 and earlier Description: The issue is related to a Heap-based Buffer Overflow that could result in arbitrary code execution in the context of the current user. Exploitation...

7.8 CVSS · 7.8 AI score · 0.00561 EPSS
Exploits 0 · References 5

OpenVAS
added 2022/09/13 12:00 a.m. · 17 views

Fedora: Security Advisory for autotrace (FEDORA-2022-b2db61249b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.3 CVSS · 7.2 AI score · 0.00759 EPSS
Exploits 0 · References 2

Fedora
added 2022/09/12 5:56 p.m. · 29 views

[SECURITY] Fedora 37 Update: autotrace-0.31.9-1.fc37

AutoTrace is a program for converting bitmaps to vector graphics. Supported input formats include BMP, TGA, PNM, PPM, and any format supported by ImageMagick, whereas output can be produced in Postscript, SVG, xfig, SWF, and others...

7.3 CVSS · 7 AI score · 0.00759 EPSS
Exploits 0

IBM Security Bulletins
added 2022/09/09 2:50 a.m. · 32 views

Security Bulletin: Multiple vulnerabilities in WebSphere Liberty affect SPSS Collaboration and Deployment Services

Summary There are multiple vulnerabilities in WebSphere Liberty used by SPSS Collaboration and Deployment Services. These issues have been addressed. Vulnerability Details CVEID:CVE-2022-22475 DESCRIPTION: IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are...

7 AI score · 0.00678 EPSS
Exploits 0 · Affected Software 1