CVE-2022-40841
A cross-site scripting XSS vulnerability in NdkAdvancedCustomizationFields v3.5.0 allows attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the "htmlNodes" parameter...
PT-2022-25572 · Unknown · Ndkadvancedcustomizationfields
Name of the Vulnerable Software and Affected Versions: NdkAdvancedCustomizationFields version 3.5.0 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the htmlNodes parameter. This enables attackers to...
CVE-2022-40842
ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery SSRF via rotateimg.php...
PT-2022-25573 · Ndk Design · Ndkadvancedcustomizationfields
Name of the Vulnerable Software and Affected Versions: ndk design NdkAdvancedCustomizationFields version 3.5.0 Description: The issue is related to Server-side request forgery SSRF via the rotateimg.php file. This allows for potential unauthorized access to internal resources. Recommendations: Fo...
NdkAdvancedCustomizationFields Code Issue Vulnerability
NdkAdvancedCustomizationFields is an advanced customization field from Ndk. A server-side request forgery vulnerability exists in NdkAdvancedCustomizationFields 3.5.0 and prior versions, which stems from rotateimg.php failing to properly validate user input. An attacker could use this vulnerabili...
Low: Red Hat Security Advisory: container-tools:rhel8 security, bug fix, and enhancement update
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2022-40840
ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross Site Scripting XSS via createPdf.php...
PT-2022-25571 · Unknown · Ndkadvancedcustomizationfields
Name of the Vulnerable Software and Affected Versions: NdkAdvancedCustomizationFields version 3.5.0 Description: The issue concerns a Cross Site Scripting XSS problem. It can be exploited via the createPdf.php endpoint. Recommendations: For version 3.5.0, update to a newer version that contains a...
NdkAdvancedCustomizationFields SQL Injection Vulnerability
NdkAdvancedCustomizationFields is an advanced customization field from Ndk. A security vulnerability exists in NdkAdvancedCustomizationFields version v3.5.0, which stems from a SQL injection vulnerability in the height and width parameters, allowing an unauthenticated attacker to steal database...
Security Bulletin: IBM Sterling Order Management migration strategy to Apache Log4j vulnerability [CVE-2022-23307]
Summary: Apache Log4j is used by IBM Sterling Order Management as part of its logging utility and we strongly recommend upgrading to the latest supported version of log4j that was released as part of the latest FixPack (CVE-2022-23307). Vulnerability Details: CVEID: CVE-2022-23307. DESCRIPTION: Apache...
Digital License Plates
California just legalized digital license plates, which seems like a solution without a problem. The Rplate can reportedly function in extreme temperatures, has some customization features, and is managed via Bluetooth using a smartphone app. Rplates are also equipped with an LTE antenna, which c...
Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Object Injection
The plugin unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports, intentionally or not, a malicious file and a suitable gadget chain is present on the blog. To simulate a gadget chain, put the following code in a plugin class Evil public...
CVE-2022-42004
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, Inc. in the United States. A security vulnerability exists in Google Chrome prior to version 106 that stems from insufficient policy enforcement in the Customization tab...
A first look at the builder for LockBit 3.0 Black
A few months after the LockBit gang released version 3.0 of its ransomware, LockBit 3.0 Black, the builder for it has been leaked by what seems to be a disgruntled developer. LockBit has been by far the most widely used ransomware in 2022 and the appearance of the builder could make things worse...
SUSE-SU-2022:2856-1 Security update for java-1_8_0-openjdk
This update for java-1_8_0-openjdk fixes the following issues: - Updated to version jdk8u345 (icedtea-3.24.0) - CVE-2022-21540: Fixed a potential Java sandbox bypass (bsc#1201694). - CVE-2022-21541: Fixed a potential Java sandbox bypass (bsc#1201692). - CVE-2022-34169: Fixed an issue where arbitrary byteco...
[SECURITY] Fedora 36 Update: powerline-go-1.22.1-3.fc36
A Powerline-like prompt for Bash, ZSH and Fish. - Shows some important details about the git/hg branch - Changes color if the last command exited with a failure code - If you're too deep into a directory tree, shortens the displayed path with an ellipsis - Shows the current Python virtualenv...
Simplify SIEM Optimization With InsightIDR
Two key ways InsightIDR helps customers tailor reporting, detection, and response — without any headaches. For far too many years, security teams have accepted that with a SIEM comes compromise. You could have highly tailored and custom rule sets, but it meant endless amounts of tuning and...
Important: Red Hat Security Advisory: RHUI 4.1.1 release - Security Fixes and Enhancement Update
An updated version of Red Hat Update Infrastructure RHUI is now available. RHUI 4.1.1 introduces important enhancements and fixes several security bugs. Red Hat Update Infrastructure RHUI offers a highly scalable, highly redundant framework that enables you to manage repositories and content. It...
[SECURITY] Fedora 35 Update: golang-github-mailru-easyjson-0.7.6-5.fc35
Package Easyjson provides a fast and easy way to marshal/unmarshal Go structs to/from JSON without the use of reflection. In performance tests, easyjson outperforms the standard encoding/json package by a factor of 4-5x, and other JSON encoding packages by a factor of 2-3x. Easyjson aims to keep...