SQL Injection Vulnerability in UFIDA GRP-U8 Administration and Utilities Internal Control Management Software (New Government Accounting System Special Edition) (CNVD-2022-84009)
Founded in 1988, UFIDA is a leading digital intelligence platform and service provider for enterprises and public organizations in China and around the world. A SQL injection vulnerability exists in UFIDA GRP-U8 Administration and Utilities Internal Control Management Software New Government...
EulerOS 2.0 SP10 : unbound (EulerOS-SA-2022-2702)
According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the 'ghost domain names' attack. The vulnerability work...
CVE-2022-3499
An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present...
CVE-2022-39024
U-Office Force Bulletin function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform a reflected cross-site scripting (XSS) attack...
CVE-2022-39026
U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform a stored cross-site scripting (XSS) attack...
CVE-2022-39027
U-Office Force Forum function has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript and perform a stored cross-site scripting (XSS) attack...
CVE-2022-40739
Ragic report generation page has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript to perform a reflected cross-site scripting (XSS) attack...
Cross site scripting
U-Office Force Bulletin function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform a reflected cross-site scripting (XSS) attack...
CVE-2022-40739 Ragic, Inc. Ragic - Reflected XSS
Ragic report generation page has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript to perform a reflected cross-site scripting (XSS) attack...
TeraWallet – For WooCommerce < 1.4.0 - Settings Update via CSRF
The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
Advanced Dynamic Pricing for WooCommerce < 4.1.6 - Settings Import via CSRF
The plugin does not have a CSRF check in place when importing its settings, which could allow attackers to make a logged-in admin import them via a CSRF attack...
Advanced Dynamic Pricing for WooCommerce < 4.1.6 - Rule Type Migration via CSRF
The plugin does not have a CSRF check in place when migrating rule types, which could allow attackers to make a logged-in admin perform such an action via a CSRF attack...
Design/Logic Flaw
Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20.000.1110 is transmitted in cleartext. This allows an attacker to obtain sensitive information being passed to and from the controller...
CAN-2022-1006615 unknown in openssl version 3.0.x
In openssl version 3.0.x an unknown vulnerability exists in an unknown component that can be attacked via an unknown vector, resulting in an unknown impact...
Google Chrome Security Bypass Vulnerability (CNVD-2022-85089)
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which stems from insufficient data validation in Extensions. An attacker could use this vulnerability to bypass security restrictions...
Trihedral VTScada
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Trihedral Equipment: VTScada Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition in the affected product...
Cross site scripting
A vulnerability, which was classified as problematic, was found in SourceCodester Sanitization Management System 1.0. Affected is an unknown function of the file /php-sms/classes/Master.php. The manipulation of the argument message leads to cross site scripting. It is possible to launch the attac...
Cross site scripting
A vulnerability in the External RESTful Services ERS API of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficient input...
Path traversal
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the...