ALPINE-CVE-2022-2625

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...

DEBIAN-CVE-2022-2625

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...

CVE-2022-2625

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...

chronoprod.fr Cross Site Scripting vulnerability OBB-2848015

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

thaicreate.com Cross Site Scripting vulnerability OBB-2845219

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Vulnerability in core server (CVE-2022-2625)

Extension scripts replace objects not belonging to the extension Some extensions use CREATE OR REPLACE or CREATE IF NOT EXISTS commands. Some don't adhere to the documented rule to target only objects known to be extension members already. An attack requires permission to create non-temporary...

Malicious Package

Overview create-closure-releases is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

mariadb: server crash in create_tmp_table::finalize

A flaw was found in MariaDB. The component, Createtmptable::finalize, allows attackers to cause a denial of service DoS via specially crafted SQL statements, affecting availability...

CVE-2022-36296

Broken Authentication vulnerability in JumpDEMAND Inc. ActiveDEMAND plugin = 0.2.27 at WordPress allows unauthenticated post update/create/delete...

CVE-2022-33727

A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack...

CVE-2022-36296 WordPress ActiveDEMAND plugin <= 0.2.27 - Broken Authentication vulnerability

Broken Authentication vulnerability in JumpDEMAND Inc. ActiveDEMAND plugin = 0.2.27 at WordPress allows unauthenticated post update/create/delete...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability in the SAMSUNG Mobile devices BluetoothScanDialog module prior to SMR Aug-2022 Release 1, which originates from a vulnerable code in...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in the SAMSUNG Mobile devices SecDevicePickerDialog module, versions prior to SMR Aug-2022 Release 1, which is caused due to...

PT-2022-18025 · Sourcecodester · Sourcecodester Garage Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Garage Management System affected versions not specified Description: A critical issue has been found in the SourceCodester Garage Management System, allowing for SQL injection through the manipulation of the userName/uemail...

@newskit-render/auth (>=0.5.1 <=0.31.0), @newskit-render/core (>=0.57.0 <=1.40.0) +4 more potentially affected by CVE-2022-35924 via next-auth (>=0.0.0-manual.83c4ebd1 <=3.1.0)

next-auth NPM version =0.0.0-manual.83c4ebd1, =0.5.1, =0.57.0, =0.35.0, =1.1.0, =0.0.1, =0.0.5 Source cves: CVE-2022-35924 Source advisory: OSV:GHSA-XV97-C62V-4587...

Path Traversal

org.dspace:dspace-jspui is vulnerable to path traversal. The vulnerability exists due to the resumable upload implementations in SubmissionController and FileUploadRequest components, which allows an attacker to modify request parameters during submission and create files or directories anywhere ...

CVE-2022-2578

A vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1.0. This issue affects some unknown processing of the file /phpaction/createUser.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit...

mariadb: server crash in create_tmp_table::finalize

A flaw was found in MariaDB. The component, Createtmptable::finalize, allows attackers to cause a denial of service DoS via specially crafted SQL statements, affecting availability...

PT-2022-23701 · Veritas · Veritas Netbackup Opscenter

Name of the Vulnerable Software and Affected Versions: Veritas NetBackup OpsCenter versions 8.x through 8.3.0.2 Veritas NetBackup OpsCenter versions 9.x through 9.0.0.1 Veritas NetBackup OpsCenter versions 9.1.x through 9.1.0.1 Veritas NetBackup OpsCenter version 10 Description: An authenticated...

Malicious code in create-ot-express-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 269d815f0f72dcbee5d8320d8fdc6dfb67256e41db6c462544a0fb234cfbf97c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...