536 matches found

OSV
added 2022/04/13 2:15 p.m. · 6 views

CVE-2022-26643

An issue in EasyIO CPT Graphics v0.8 allows attackers to discover valid users in the application...

CVSS 5.3 · AI score 5.8
Exploits 0 · References 3

Positive Technologies
added 2022/04/12 12:0 a.m. · 4 views

PT-2022-3577 · Npm · Npm-Dependency-Versions

Name of the Vulnerable Software and Affected Versions: npm-dependency-versions versions 0.3.0 and earlier. Description: The issue is related to insufficient argument checking in the npm-dependency-versions package, which can lead to command injection. An attacker can exploit this by calling...

CVSS 10 · AI score 9.8 · EPSS 0.02258
Exploits 1 · References 7

OSV
added 2022/03/31 8:15 a.m. · 3 views

CVE-2022-27496

Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors...

CVSS 6.1 · AI score 6.5 · EPSS 0.00719
Exploits 0 · References 2

CNNVD
added 2022/03/24 12:0 a.m. · 2 views

Anchor cross-site request forgery vulnerability

Anchor is an open source lightweight blogging system. A cross-site request forgery vulnerability exists in Anchor CMS version v0.12.7, which stems from a lack of validation and filtering in the component anchor/routes/posts.php. An attacker can use this vulnerability to arbitrarily delete posts...

CVSS 4.5 · AI score 4.9 · EPSS 0.00395
Exploits 1 · References 4

Positive Technologies
added 2022/03/07 12:0 a.m. · 6 views

PT-2022-13422 · Unknown · Calibre-Web

Name of the Vulnerable Software and Affected Versions: calibre-web versions prior to 0.6.17. Description: The issue is related to Server-Side Request Forgery (SSRF) in the GitHub repository janeczku/calibre-web. This is due to an incomplete fix, which results in the blacklist not checking for 0.0.0....

CVSS 9.8 · AI score 6.8 · EPSS 0.01284
Exploits 1 · References 7

vulnersOsv
added 2022/02/15 2:56 p.m. · 5 views

@acanto/components (>=0.0.2 <=0.0.73), @acanto/components-header-subnav (>=0.0.2 <=0.0.37) +51 more potentially affected by CVE-2021-23702 via object-extend (=0.5.0)

object-extend NPM version =0.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on object-extend and may be impacted: - @acanto/components =0.0.2, =0.0.2, =0.0.2, =0.0.3, =0.0.2, =0.0.2, =0.0.17, =0.0.2, =0.0.2, =0.0.65, =0.0.2, =0.0.2, =0.0.2, =0.0.4,...

CVSS 9.8 · AI score 7.2 · EPSS 0.01357
Exploits 1

OSV
added 2022/02/06 9:15 p.m. · 7 views

CVE-2022-24552

A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with roo...

CVSS 9.8 · AI score 7.3 · EPSS 0.01306
Exploits 0 · References 1

CNNVD
added 2022/02/04 12:0 a.m. · 4 views

Servisnet Tessa authorization issue vulnerability

Servisnet Tessa is a web application from Servisnet Turkey. Servisnet Tessa version 0.0.2 suffers from an authorization issue vulnerability that stems from a lack of effective validation of the Authorization HTTP header. An attacker can use this vulnerability to add a new sysadmin user by manipulatin...

CVSS 9.8 · AI score 8.4 · EPSS 0.11441
Exploits 4 · References 6

CNNVD
added 2022/02/04 12:0 a.m. · 5 views

Servisnet Tessa security vulnerability

Servisnet Tessa is a web application from Servisnet Turkey. A security vulnerability exists in Servisnet Tessa version 0.0.2, which stems from a lack of effective information protection in app.js. The vulnerability can be exploited by an attacker to obtain sensitive information via a /js/app.js...

CVSS 7.5 · AI score 7.3 · EPSS 0.11484
Exploits 4 · References 7

Microsoft CVE
added 2022/01/19 8:0 a.m. · 8 views

A flaw was found in the spice-vdagentd daemon where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon resulting in a denial of service. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and prior.

...

CVSS 5.5 · AI score 5.5 · EPSS 0.00431
Exploits 1

CNNVD
added 2021/12/21 12:0 a.m. · 4 views

Cronos security vulnerability

Cronos is a Crypto.org EVM chain designed to massively scale the DeFi ecosystem. Cronos suffers from a security vulnerability that stems from the fact that in Cronos nodes running versions prior to v0.6.5, it is possible to collect transaction fees for the current block from the Cosmos SDK's...

CVSS 7.5 · AI score 7 · EPSS 0.01313
Exploits 0 · References 4

CNNVD
added 2021/12/01 12:0 a.m. · 4 views

Yurunsoft YurunProxy cross-site scripting vulnerability

Yurunsoft YurunProxy is a simple version of Ngrok from China's Yurunsoft, a Swoole-based intranet launcher that supports local WeChat development, Web development, and allows extranet access. A security vulnerability exists in Yurunsoft YurunProxy version 0.01, which originates from the program's...

CVSS 6.1 · AI score 6.2 · EPSS 0.00621
Exploits 1 · References 2

CNNVD
added 2021/11/07 12:0 a.m. · 6 views

GNU Hurd security vulnerability

GNU Hurd is a GNU project replacement for the Unix kernel. A security vulnerability exists in GNU Hurd, which stems from the fact that in versions of GNU Hurd prior to 0.9 20210404-9 each person who maps a file shares a page navigation port, allowing anyone to modify any file they can read. any...

CVSS 9 · AI score 5.6 · EPSS 0.0191
Exploits 1 · References 5

CNNVD
added 2021/09/30 12:0 a.m. · 3 views

Rudp security vulnerability

Rudp is a reliable UDP. A security vulnerability exists in Rudp version 0.6, which stems from a memory leak in the component main.c. The vulnerability is not supported by Rudp...

CVSS 7.5 · AI score 7.2 · EPSS 0.01103
Exploits 1 · References 3

CNNVD
added 2021/09/21 12:0 a.m. · 3 views

GPAC buffer error vulnerability

GPAC is a multimedia framework for rich media and is distributed under the LGPL license. A heap buffer overflow vulnerability exists in the ODReadUTF8String function in odfcode.c in GPAC version 0.8.0. An attacker could exploit the vulnerability to cause a denial of service via specially crafted...

CVSS 5.5 · AI score 6 · EPSS 0.00609
Exploits 1 · References 2

OSV
added 2021/09/10 2:15 p.m. · 3 views

CVE-2021-38357

The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the position parameter found in the /sms-ovh-sent.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1...

CVSS 6.1 · AI score 5.8 · EPSS 0.00757
Exploits 0 · References 2

OSV
added 2021/09/09 7:15 p.m. · 5 views

CVE-2021-38320

The simpleSAMLphp Authentication WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected `$_SERVER["PHP_SELF"]` value in the /simplesamlphp-authentication.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.0...

CVSS 6.1 · AI score 6.4 · EPSS 0.00939
Exploits 1 · References 2

CNNVD
added 2021/09/09 12:0 a.m. · 2 views

WordPress plugin cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. WordPress plugin More From Google 0.0.2 before the version o...

CVSS 6.1 · AI score 6.1 · EPSS 0.00866
Exploits 1 · References 4

OSV
added 2021/08/25 8:55 p.m. · 0 views

GHSA-HC92-9H3M-C39J Incorrect cast in anymap

An issue was discovered in the anymap crate through 0.12.1 for Rust. It violates soundness via conversion of a u8 to a u64...

CVSS 9.8 · AI score 5.9 · EPSS 0.01441
Exploits 1 · References 4

CNNVD
added 2021/08/23 12:0 a.m. · 5 views

Eclipse Cyclone DDS buffer error vulnerability

Eclipse Cyclone DDS is a very high performance and robust open source DDS implementation from the Eclipse Foundation. A security vulnerability exists in Eclipse Cyclone DDS Project v0.1.0 that can cause the DDS user server to crash...

CVSS 7.5 · AI score 7.3 · EPSS 0.01862
Exploits 1 · References 3