CVE-2020-28191

The console in Togglz before 2.9.4 allows CSRF...

Senayan Library Management System 9.2.0 SQL Injection Vulnerability

Title: Senayan Library Management System v9.2.0 a.k.a SLIMS 9 SQLi Author: nu11secur1ty Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/tag/v9.2.0 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.2.0/SQLi...

Senayan Library Management System 9.2.1 SQL Injection Vulnerability

Title: Senayan Library Management System v9.2.1 a.k.a SLIMS 9 SQLi Author: nu11secur1ty Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/tag/v9.2.1 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.2.1/SQLi...

WordPress Yith WooCommerce Gift Cards Premium 3.19.0 Shell Upload Vulnerability

Description: Unauthenticated Arbitrary File Upload Affected Plugin: Yith WooCommerce Gift Cards Premium Plugin Slug: yith-woocommerce-gift-cards-premium Affected Versions: = 3.19.0 CVE ID: CVE-2022-45359 CVSS Score: 9.8 Critical CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N...

Researchers Warn of Kavach 2FA Phishing Attacks Targeting Indian Govt. Officials

A new targeted phishing campaign has zoomed in on a two-factor authentication solution called Kavach that's used by Indian government officials. Cybersecurity firm Securonix dubbed the activity STEPPYKAVACH, attributing it to a threat actor known as SideCopy based on tactical overlaps with prior...

CVE-2022-23513

Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on queryads endpoint. In the case of application, this...

CVE-2022-43596

An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability...

CVE-2022-41988

An information disclosure vulnerability exists in the OpenImageIO::decodeiptciim functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability...

CVE-2022-41981

A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead to out of bounds read and write on the process stack, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger...

Heap overflow

A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary code execution. An attacker can provide a...

CVE-2022-31744

An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...

Spoofing

When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

Apache ShardingSphere-Proxy Incomplete Cleanup vulnerability

Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't cleanup the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in Apac...

Reflected Cross-Site Scripting (XSS)

microweber/microweber is vulnerable to reflected cross-site scripting XSS attacks. The library does not properly validate the POST parameter namespaceMD5, allowing an attacker to inject and execute malicious JavaScript...

CVE-2022-45404

Through a series of popup and window.print calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...

CVE-2022-0566

It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. This vulnerability affects Thunderbird 91.6.1...

GitHub Attack Allowed Attackers to Steal Okta’s Source Code

By Deeba Ahmed Okta has, however, confirmed that attackers couldnt access its customer data or services. Authentication giant Okta has suffered… This is a post from HackRead.com Read the original post: GitHub Attack Allowed Attackers to Steal Oktas Source Code...

CVE-2021-4273

A vulnerability classified as problematic was found in studygolang. This vulnerability affects the function Search of the file http/controller/search.go. The manipulation of the argument q leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the...

PaprController is vulnerable to reentrancy attacks

Lines of code Vulnerability details Impact Malicious users can steal PAPR tokens through reentrancy attacks. Proof of Concept Function PaprController.purchaseLiquidationAuctionNFT may trigger a reentrancy becase it calls ERC721.safeTransferFrom in NFTEDA.purchaseNFT:...

Apache Traffic Server Exception Handling Error Vulnerability

Apache Traffic Server ATS is a set of scalable HTTP proxy and caching servers from the Apache Foundation, U.S. An exception handling error vulnerability exists in Apache Traffic Server. An attacker could exploit this vulnerability to crash the server under certain conditions...