GHSA-2JXX-2X93-2Q2F Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin

Generic Webhook Trigger Plugin 1.84.1 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. Generic Webhook Trigger Plugin 1.84...

CVE-2022-3149

The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor...

Frontend File Manager < 21.4 - File Upload via CSRF

The plugin does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf PoC The file won't show up via the frontend/backend, but will be uploaded in the user folder ie in wp-content/uploads/useruploads//payload.pdf...

CVE-2022-35251

A cross-site scripting vulnerability exists in Rocket.chat v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but will also be able to block functionality as well as hijacking the content of targeted users. Hence the payloads are...

Cross site scripting

A cross-site scripting vulnerability exists in Rocket.chat v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but will also be able to block functionality as well as hijacking the content of targeted users. Hence the payloads are...

CVE-2022-35251

A cross-site scripting vulnerability exists in Rocket.chat v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but will also be able to block functionality as well as hijacking the content of targeted users. Hence the payloads are...

CVE-2022-35251

CVE-2022-35251 affects Rocket.Chat ( Rocket.Chat

Ancient CVEs Can Cause You Problems

Ancient CVEs Can Cause You Problems By Kent Landfield · September 23, 2022 The Common Vulnerability and Exposures CVE Program was founded in 1999 for the purpose of giving individual cyber vulnerabilities an identifier that could be used as an interoperable means for identifying a specific...

Exploit for SQL Injection in Jflyfox Jfinal_Cms

CVE-2022-37209 CVE-2022-37209 POC Suggested description...

Google TensorFlow 安全漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google TensorFlow, which originates when EmptyTensorList receives an input elementshape with multiple dimensions and it gives an assertion of failure. An...

CVE-2022-36668

Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting XSS on several parameters. The vulnerabilities exist during creating or editing the parts under parameters. Using the XSS payload, the Stored XSS triggered and can be used for further attack vector...

Cross site scripting

Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting XSS on several parameters. The vulnerabilities exist during creating or editing the parts under parameters. Using the XSS payload, the Stored XSS triggered and can be used for further attack vector...

CVE-2022-36668

Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting XSS on several parameters. The vulnerabilities exist during creating or editing the parts under parameters. Using the XSS payload, the Stored XSS triggered and can be used for further attack vector...

Red Hat Keycloak 安全漏洞

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. Red Hat Keycloak suffers from a security vulnerability that originates from an attacker being able to register with a username that is the same...

Linux kernel 安全漏洞

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that stems from a flaw found in the Linux kernel memory deduplication mechanism, which can be exploited by an attacker to attack memory deduplication v...

Researchers Warn of Ongoing Mass Exploitation of Zimbra RCE Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added two flaws to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The two high-severity issues relate to weaknesses in Zimbra Collaboration, both of which could be chained to achieve...

Intel IPP Cryptography 安全漏洞

Intel IPP Cryptography is an Intel Integrated Performance Primitives IPP cryptography software library from Intel Corporation. A security vulnerability exists in Intel IPP Cryptography. An attacker could exploit this vulnerability to disclose sensitive information...

Autodesk Design Review 缓冲区错误漏洞

Autodesk Design Review ADR is a suite of AutoCAD drafting software assistance software from Autodesk. The software supports viewing, marking, measuring, printing, and tracking changes to 2D and 3D design files. A buffer error vulnerability exists in Autodesk Design Review. An attacker could explo...

PT-2022-9262 · Ovarro · Ovarro Twinsoft

Name of the Vulnerable Software and Affected Versions: Ovarro TWinSoft affected versions not specified Description: An attacker may use TWinSoft and a malicious source project file TPG to extract files on the machine executing Ovarro TWinSoft, which could lead to code execution. Recommendations: ...

CVE-2022-36912

A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...