CVE-2022-46677
Wyse Management Suite 3.8 and below contain an improper access control vulnerability with which a custom group admin can create a subgroup under a group for which the admin is not authorized...
Stored DOM-based Cross-site Scripting in Tags Functionality
Description: A stored, DOM-based cross-site scripting vulnerability exists in answer version 1.0.4 within the question tagging functionality. Steps: (1) Log in. (2) Create a new question and populate the Title and Body inputs. (3) Click on the Add tag button, shown in the followi...
PT-2023-3787 · NetGear · Netgear Prosafe Network Management System
Name of the Vulnerable Software and Affected Versions: NETGEAR ProSAFE Network Management System (affected versions not specified) Description: This issue allows remote attackers to escalate privileges on affected installations. Although authentication is required to exploit this, the existing...
Dogecoin Core Security Vulnerability
Dogecoin is a community-driven cryptocurrency open-sourced by Dogecoin. A security vulnerability exists in Dogecoin Core 1.14.3 and earlier versions, stemming from an issue in src/wallet/wallet.cpp that an attacker can exploit to view sensitive information via the...
CVE-2022-25855
All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization...
Exploit for Missing Authentication for Critical Function in Oracle E-Business Suite
CVE-2022-21587-POC- CVE-2022-21587 POC file exploit.py w...
npm create-choo-app3 Security Vulnerability
create-choo-app3 is an npm package used to scaffold a new choo application. It contains a security vulnerability caused by improper sanitization of user input; an attacker can exploit it to perform command injection via the devInstall function...
Cross-Site Request Forgery (CSRF)
A Cross-Site Request Forgery (CSRF) vulnerability in Academy LMS before v5.10 allows an attacker to arbitrarily create a page...
PT-2023-1394 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions 2.6.0-rc1 through 2.6.0 Description: The issue is related to an output sanitization bug in Argo CD, which leaks repository access credentials in error messages. These error messages are visible to the user and are logged. The...
PT-2023-19077 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable, beta and tests-passed versions Description: The issue allows exploitation of embeddable comments to create new topics as any user without a clear title or content. Recommendations: For versions...
Discourse Access Control Error Vulnerability
Discourse is an open source community discussion platform that includes community, email, and chat room features. Discourse contains an improper access control vulnerability that an attacker can exploit, via embeddable comments, to create new topics as any user...
PT-2025-49753
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.1.0-rc7-syzkaller-00190-g97ee9d1c1696 Description: The Linux kernel contains a flaw within the hfs module related to reference counting of hfs bnode structures. Specifically, a missing call to hfs bnode get afte...
PT-2023-34918 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.303 Description: The issue is related to an overflow before widen in the bitmap ip create function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
CVE-2023-24065
NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name of a physician, assistant, or billing user can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for...
CVE-2023-0571
Summary: CVE-2023-0571 affects SourceCodester Canteen Management System v1.0, specifically the Add Customer component’s createcustomer.php. The vulnerability arises from manipulating the name parameter, enabling cross-site scripting (XSS). Reports indicate remote initiation and public disclosure,...
CVE-2023-24065
The CVE-2023-24065 entry affects NOSH (version 4a5cfdb) and describes a stored XSS vulnerability on the create user page. A crafted first name field can execute JavaScript when visiting /users/2/1, with potential to exfiltrate Protected Health Information in a healthcare-charting context. Public ...
Command Injection in create-choo-electron
All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization...
CVE-2022-47073
A cross-site scripting (XSS) vulnerability in the Create Ticket page of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject parameter...