
1083 matches found

OSV
added 2022/06/21 3:15 p.m. | 0 views

CVE-2022-27868

A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution...

CVSS 7.8 | AI score 5.8 | EPSS 0.00515
Exploits: 0 | References: 1
Prion
added 2022/06/21 3:15 p.m. | 15 views

Design/Logic Flaw

A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution...

CVSS 6.8 | AI score 7.7 | EPSS 0.00515
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2022/06/21 2:23 p.m. | 59 views

CVE-2022-27868

Autodesk AutoCAD 2023 is affected by CVE-2022-27868 via a use-after-free in the CATPart/CAT parsing path when processing a malicious CAT file. The underlying issue is a parsing/use-after-free flaw that can lead to code execution in the context of the current process. Multiple sources (including Z...

CVSS 7.8 | AI score 7.7 | EPSS 0.00515
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2022/06/21 2:23 p.m. | 11 views

CVE-2022-27868

A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution...

AI score 8 | EPSS 0.00515
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2022/06/20 6:36 a.m. | 0 views

Malicious code in cat-weather-widget (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e88ace5963f5686d2f51198d181864c25de04bd9fa46139da3ecf262068144c0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1
OSV
added 2022/06/20 6:36 a.m. | 4 views

MAL-2022-1843 Malicious code in cat-weather-widget (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e88ace5963f5686d2f51198d181864c25de04bd9fa46139da3ecf262068144c0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2022/06/20 6:36 a.m. | 2 views

Malicious code in cat-webcomponent-image (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5e416fba4ad4098c98b9a1b6b381472b248c0fc0dd977333c87e9f707251deb4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1
Rockylinux
added 2022/05/17 8:5 a.m. | 12 views

new packages: intel-cmt-cat

An update is available for intel-cmt-cat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

AI score 2.2
Exploits: 0
vulnersOsv
added 2022/05/14 3:10 a.m. | 3 views

cc.catalysts.boot:cat-boot-javamelody (>=0.0.4 <=0.2.28), net.bull.javamelody:javamelody-collector-server (>=1.57.0 <=1.60.0) +1 more potentially affected by CVE-2018-12432 via net.bull.javamelody:javamelody-core (>=1.10.0 <=1.60.0)

net.bull.javamelody:javamelody-core MAVEN version =1.10.0, =0.0.4, =1.57.0, =1.10.0, =1.60.0 Source cves: CVE-2018-12432 Source advisory: OSV:GHSA-G66Q-GRXC-64J3...

CVSS 6.1 | AI score 6.3 | EPSS 0.0024
Exploits: 1
CNNVD
added 2022/05/06 12:0 a.m. | 2 views

Piwigo SQL injection vulnerability

Piwigo is a Web-based open source photo gallery software. The software includes features such as image management, image categorization and permission management. Piwigo admin/userperm.php has a SQL injection vulnerability that can be exploited by an attacker to inject it into admin.php via the...

CVSS 8.8 | AI score 8.1 | EPSS 0.00255
Exploits: 1 | References: 2
ATTACKERKB
added 2022/03/08 9:49 p.m. | 1 views

CVE-2022-27855

Cross-Site Request Forgery CSRF vulnerability in Fatcat Apps Analytics Cat plugin = 1.0.9 on WordPress allows Plugin Settings Change...

CVSS 5.4 | AI score 4.9 | EPSS 0.00103
Exploits: 0 | References: 3 | Affected Software: 1
Patchstack
added 2022/03/08 12:0 a.m. | 25 views

WordPress Analytics Cat plugin <= 1.0.9 - Plugin Settings change via Cross-Site Request Forgery (CSRF) vulnerability

Plugin Settings change via Cross-Site Request Forgery (CSRF) vulnerability discovered by Rasi Afeef Patchstack Alliance in WordPress Analytics Cat plugin versions <= 1.0.9. Solution: Update the WordPress Analytics Cat plugin to the latest available version at least 1.1.0...

CVSS 5.4 | AI score 4.6 | EPSS 0.00103
Exploits: 0 | Affected Software: 1
OPENSUSE Linux
added 2022/03/04 12:0 a.m. | 34 views

Security update for libeconf, shadow and util-linux (moderate)

openSUSE Security Update: Security update for libeconf, shadow and util-linux Announcement ID: openSUSE-SU-2022:0727-1 Rating: moderate References: 1188507 1192954 1193632 1194976 SLE-23384 SLE-23402 Cross-References: CVE-2021-3995 CVE-2021-3996 CVSS scores: CVE-2021-3995 SUSE: 4.7...

CVSS 5.5 | AI score 6.4 | EPSS 0.00249
Exploits: 4 | References: 6
Openbugbounty
added 2022/02/07 9:33 a.m. | 16 views

cat-immobilier.com Open Redirect vulnerability OBB-2359868

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits: 0
CNVD
added 2021/12/18 12:0 a.m. | 17 views

WordPress Pixel Cat plugin cross-site request forgery vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blogging sites on PHP and MySQL servers. Pixel Cat Plugin is an open source WordPress plugin. WordPress Pixel Cat Plugins has a cross-site reques...

CVSS 9 | AI score 2.8 | EPSS 0.00107
Exploits: 2 | References: 1
OSV
added 2021/12/13 11:15 a.m. | 2 views

CVE-2021-24922

The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow attacker to make a logged in admin change them and perform Cross-Site Scripting attacks...

CVSS 9 | AI score 7.3 | EPSS 0.00107
Exploits: 2 | References: 1
NVD
added 2021/12/13 11:15 a.m. | 14 views

CVE-2021-24972

The Pixel Cat WordPress plugin before 2.6.3 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed...

CVSS 4.8 | EPSS 0.00206
Exploits: 2 | References: 1
NVD
added 2021/12/13 11:15 a.m. | 11 views

CVE-2021-24922

The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow attacker to make a logged in admin change them and perform Cross-Site Scripting attacks...

CVSS 9 | EPSS 0.00107
Exploits: 2 | References: 1
OSV
added 2021/12/13 11:15 a.m. | 3 views

CVE-2021-24972

The Pixel Cat WordPress plugin before 2.6.3 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed...

CVSS 4.8 | AI score 5.8 | EPSS 0.00206
Exploits: 2 | References: 1
Prion
added 2021/12/13 11:15 a.m. | 14 views

Cross site scripting

The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow attacker to make a logged in admin change them and perform Cross-Site Scripting attacks...

CVSS 6 | AI score 8.3 | EPSS 0.00107
Exploits: 2 | References: 1 | Affected Software: 1