CVE-2022-45338

An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file...

Update 16.19 for Microsoft Dynamics 365 Business Central 2020 Release Wave 1 (Application Build 16.19.49472, Platform Build 16.0.49350)

Update 16.19 for Microsoft Dynamics 365 Business Central 2020 Release Wave 1 Application Build 16.19.49472, Platform Build 16.0.49350 Note: The build number of this update is incremented by 2. Overview This update replaces previously released updates. You should always install the latest update...

KLA20114 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Memory safety vulnerability can be exploited to execute...

KLA20115 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Memory safety vulnerability can be exploited to execute...

CVE-2022-45275

An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=savesettings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2022-41157 ERP solution Remote Code Execution Vulnerability

A specific file on the sERP server if KyungrinaraERP solution has a fixed password with the SYSTEM authority. This vulnerability could allow attackers to leak or steal sensitive information or execute malicious commands...

Libarchive Code Execution Vulnerability

libarchive is a multi-format archive and compression library. libarchive A code execution vulnerability exists in libarchive version 3.6.1, which stems from a failure to check for errors after calling the calloc function, i.e., if the function fails, the calloc function returns a NULL pointer,...

ABB MicroSCADA Pro SYS600 输入验证错误漏洞

ABB MicroSCADA Pro SYS600 is a suite of monitoring and data acquisition software from ABB Switzerland. The software is used for substation automation, SCADA electrical, distribution management applications and industrial power management. ABB MicroSCADA Pro SYS600 suffers from a code execution...

CVE-2022-44089

ESPCMS P8.21120101 was discovered to contain a remote code execution RCE vulnerability in the component ISGETCACHE...

CVE-2022-43277

Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ip/youthappam/phpaction/editFile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

Democritus Project d8s-networking code execution vulnerability (CNVD-2022-84125)

Democritus Project is a collection of simple, effective, modular, well-tested and well-documented features from Democritus. A code execution vulnerability exists in Democritus Project d8s-networking, which stems from the existence of a potential code execution backdoor inserted by a third party i...

PYSEC-2022-43084

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-algorithms package. The affected version of d8s-htm is 0.1.0...

Gentoo 代码问题漏洞

Gentoo is an open source Linux system from the Gentoo Foundation. A code issue vulnerability exists in Gentoo lesspipe versions prior to 2.06. An attacker can exploit this vulnerability to execute code via a Perl Storable pst file...

CVE-2022-43078

A cross-site scripting XSS vulnerability in /admin/add-fee.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter...

CVE-2022-39978

Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point...

CVE-2022-39286 Execution with Unnecessary Privileges in JupyterApp

Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in jupytercore that stems from jupytercore executing untrusted files in CWD. This vulnerability allows one user to run code as...

PT-2022-21926 · WordPress · Wp All Export Pro

Name of the Vulnerable Software and Affected Versions: WP All Export Pro versions prior to 1.7.9 Description: The issue allows any logged-in user with export privileges to execute arbitrary code on the site, despite the default restriction to administrators. This is because the plugin does not...

Apple iOS和iPadOS 资源管理错误漏洞

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for the iPad tablet computer. A security vulnerability exists in Apple iOS and iPadOS. An attacker could use this vulnerability to execute...

CVE-2022-42940

A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process...

Markdownify Code Execution Vulnerability

Markdownify is a minimal Markdown Editor desktop application built on Electron. A code execution vulnerability exists in Markdownify. The vulnerability stems from a failure of a networked system or product to properly filter specific elements of externally entered data during the construction of ...