Microweber Code Issue Vulnerability
Microweber is an online store management system from the Microweber community in the United States that provides drag-and-drop functionality. The system includes modules for adding products, images, etc. A remote code execution vulnerability exists in versions of Microweber prior to 1.2.12, which...
Mozilla: Use-after-free in text reflows
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have caused a use-after-free issue by forcing a text reflow in an SVG object, leading to a potentially exploitable crash...
Xiaomi Router AX6000 Information Disclosure Vulnerability
Xiaomi Router AX6000 is a router from Xiaomi China. Xiaomi Router AX6000 version 1.0.56 has an information disclosure vulnerability that stems from a routing configuration error, which could be exploited by an attacker to download some of the files on the Xiaomi Router AX6000...
DRUPAL-CONTRIB-2022-028
SVG Formatter module provides support for using SVG images on your website. Our dependency library enshrined/svg-sanitize has a cross-site scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with permission that enables them to upload SVG images...
[WP-H4] anchor_basset_reward pending yields can be stolen
Lines of code Vulnerability details For yield farming aggregators, if the pending yield on an underlying strategy can be harvested and cause a surge of rewards to all existing investors, especially if the harvest can be triggered permissionlessly, then the attacker can amplify the attack using a...
PT-2022-15516 · Unknown · Simple Diagnostics Agent
Name of the Vulnerable Software and Affected Versions: Simple Diagnostics Agent versions 1.0 through 1.57 Description: The issue allows an attacker to access restricted information via a random port between 9000 and 65535. This enables information gathering that could potentially be used to explo...
Mozilla Firefox Resource Management Error Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox that originates from a mix-up in the instructions responsible for freeing memory when processing HTML content, and it can be exploited by remote attackers ...
CVE-2021-24960
The WordPress File Upload WordPress plugin before 4.16.3 and the wordpress-file-upload-pro WordPress plugin before 4.16.3 allow users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could then be used for Cross-Site Scripting attacks...
Antaris RazorEngine Security Vulnerability
Antaris RazorEngine is an open source templating engine based on Microsoft's Razor parsing engine, from Matthew Abbott, an independent developer in the U.K. Antaris RazorEngine contains a security vulnerability that could be exploited by attackers to execute arbitrary .NET code in a sandboxed...
GHSA-QWH6-XWJ4-9CJG Remote code execution in net.mingsoft:ms-mcms
net.mingsoft:ms-mcms =5.2.5 is affected by: RCE. The impact is: remote execution of arbitrary code. The attack vector is: $"freemarker.template.utility.Execute"?new"calc". MCMS has a pre-auth RCE vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise...
CVE-2021-46384
https://gitee.com/mingSoft/MCMS MCMS =5.2.5 is affected by: RCE. The impact is: remote execution of arbitrary code. The attack vector is: $"freemarker.template.utility.Execute"?new"calc". MCMS has a pre-auth RCE vulnerability that allows an unauthenticated attacker with network access via HTT...
CVE-2022-21828
A user with high-privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using an unspecified attack vector in Incapptic Connect versions 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3...
Code injection
A user with high-privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using an unspecified attack vector in Incapptic Connect versions 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3...
CVE-2022-23328
CVE-2022-23328 describes a design flaw in all versions of Go-Ethereum whereby an attacker node can inject 5,120 pending transactions with high gas prices from a single account. This behavior can purge the victim node's memory pool of pending transactions and then saturate the pool, blocking new t...
CVE-2022-23051
PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svgfile' parameter...