9459 matches found

Cvelist · added 2022/05/18 5:00 p.m. · 16 views

CVE-2022-22778 TIBCO BusinessConnect Trading Community Management Cross-Site Request Forgery Vulnerability

The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute Cross-Site Request Forgery (CSRF) on the affected system. A successful attack usin...

CVSS 8.8 · AI score 9 · EPSS 0.00393
Exploits: 0 · References: 2

Cvelist · added 2022/05/18 5:00 p.m. · 19 views

CVE-2022-22776 TIBCO BusinessConnect Trading Community Management Stored Cross Site Scripting Vulnerability

The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains easily exploitable vulnerabilities that allow a low-privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using...

CVSS 8 · AI score 7.5 · EPSS 0.00526
Exploits: 0 · References: 2

Github Security Blog · added 2022/05/18 12:00 a.m. · 32 views

Cross-site Scripting in Jenkins Autocomplete Parameter Plugin

Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from JavaScript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with...

CVSS 5.4 · AI score 5.6 · EPSS 0.00733
Exploits: 0 · References: 3 · Affected software: 1

OSV · added 2022/05/18 12:00 a.m. · 23 views

GHSA-MW4R-5MFC-M5VC Cross site scripting in Jenkins Selection tasks Plugin

Jenkins Selection tasks Plugin 1.0 and earlier does not escape the name and description of Script Selection task variable parameters on views displaying parameters. This results in stored cross-site scripting (XSS) vulnerabilities exploitable by attackers with Item/Configure permission. Exploitatio...

CVSS 8 · AI score 5.8 · EPSS 0.00715
Exploits: 0 · References: 3

Prion · added 2022/05/17 8:15 p.m. · 17 views

Cross site scripting

A remote cross-site scripting (XSS) vulnerability was discovered in HPE OneView versions prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView...

CVSS 4.3 · AI score 6 · EPSS 0.00662
Exploits: 0 · References: 1 · Affected software: 1

NVD · added 2022/05/17 3:15 p.m. · 18 views

CVE-2022-30967

Jenkins Selection tasks Plugin 1.0 and earlier does not escape the name and description of Script Selection task variable parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4 · EPSS 0.00715
Exploits: 0 · References: 1

Prion · added 2022/05/17 3:15 p.m. · 16 views

Cross site scripting

Jenkins Application Detector Plugin 1.0.8 and earlier does not escape the name of Chois Application Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 3.5 · AI score 5.2 · EPSS 0.00715
Exploits: 0 · References: 1 · Affected software: 1

Cvelist · added 2022/05/17 2:06 p.m. · 18 views

CVE-2022-30966

Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

AI score 5.8 · EPSS 0.00701
Exploits: 0 · References: 1

AlpineLinux · added 2022/05/17 2:06 p.m. · 81 views

CVE-2022-30956

Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads...

CVSS 5.4 · AI score 2.2 · EPSS 0.71335
Exploits: 0 · References: 1

Veracode · added 2022/05/15 5:21 p.m. · 46 views

Denial Of Service (DoS)

Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated...

CVSS 5.3 · AI score 4.5 · EPSS 0.03306
Exploits: 0 · References: 5 · Affected software: 1

OSV · added 2022/05/14 1:33 a.m. · 17 views

GHSA-XRXM-MVQM-R553 Helm Path Traversal

All versions of Helm between 2.0.0 and 2.12.2 contain a CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal') vulnerability in the commands helm fetch --untar and helm lint some.tgz: when chart archive files are unpacked, a file may be unpacked...

CVSS 6.5 · AI score 6.5 · EPSS 0.01483
Exploits: 1 · References: 3

Github Security Blog · added 2022/05/13 1:48 a.m. · 24 views

Weak Password Requirements in UnboundID LDAP SDK

UnboundID LDAP SDK, from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6 (where the issue was reported and fixed), contains an Incorrect Access Control vulnerability: the process function in the SimpleBindRequest class doesn't check for empty...

CVSS 9.8 · AI score 2.2 · EPSS 0.04913
Exploits: 0 · References: 7 · Affected software: 1

OSV · added 2022/05/13 1:45 a.m. · 13 views

GHSA-2CF3-G243-HHFX MySQL Connectors Privilege Escalation

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 2.1.5 and earlier. Easily exploitable vulnerability allows a low-privileged attacker with logon to the infrastructure where MySQL Connectors executes to...

CVSS 3.3 · AI score 2.5 · EPSS 0.00406
Exploits: 0 · References: 5

Github Security Blog · added 2022/05/13 1:45 a.m. · 18 views

MySQL Connectors Privilege Escalation

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 2.1.5 and earlier. Easily exploitable vulnerability allows a low-privileged attacker with logon to the infrastructure where MySQL Connectors executes to...

CVSS 3.3 · AI score 2.5 · EPSS 0.00406
Exploits: 0 · References: 5 · Affected software: 1

Github Security Blog · added 2022/05/13 1:24 a.m. · 26 views

October CMS Local File Inclusion

October CMS versions prior to Build 437 contain a Local File Inclusion vulnerability in the makeFileContents function of modules/system/traits/ViewMaker.php that can result in sensitive information disclosure and remote code execution. This attack appears to be exploitable remotely if the /backend path i...

CVSS 8.1 · AI score 7.3 · EPSS 0.02391
Exploits: 0 · References: 3 · Affected software: 1

OSV · added 2022/05/13 1:21 a.m. · 13 views

GHSA-J99Q-RWP6-498G Gitea Arbitrary File Delete Vulnerability

Gitea version 1.6.2 and earlier contains an Incorrect Access Control vulnerability in the Delete/Edit file functionality that can result in the attacker deleting files outside the repository they have access to. To exploit it, the attacker must get write access to "any"...

CVSS 6.5 · AI score 6.4 · EPSS 0.01107
Exploits: 0 · References: 3

Github Security Blog · added 2022/05/13 1:21 a.m. · 18 views

Gitea Arbitrary File Delete Vulnerability

Gitea version 1.6.2 and earlier contains an Incorrect Access Control vulnerability in the Delete/Edit file functionality that can result in the attacker deleting files outside the repository they have access to. To exploit it, the attacker must get write access to "any"...

CVSS 6.5 · AI score 7.1 · EPSS 0.01107
Exploits: 0 · References: 3 · Affected software: 1

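The Helm and Gitea entries above describe the same defect class: a path taken from an archive entry or a user request is joined onto a trusted directory without checking where the cleaned result actually lands. The Go program below is an added example written for this page; it is not code from Helm, Gitea or any other project in this listing. It assumes Unix-style paths and a fresh, empty destination directory, feeds itself a constructed in-memory tar archive as sample input, and the names SecureJoin, ExtractTar and buildTar are hypothetical, chosen here for illustration.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// ErrPathEscape marks a path that would land outside its allowed directory (CWE-22).
var ErrPathEscape = errors.New("path escapes destination directory")

// SecureJoin joins rel onto base and guarantees the result lies strictly inside base; the same
// check serves a chart unpacker (the Helm case) and a repository delete/edit-file handler (Gitea).
func SecureJoin(base, rel string) (string, error) {
	if rel == "" || filepath.IsAbs(rel) || strings.ContainsRune(rel, 0) {
		return "", ErrPathEscape
	}
	base = filepath.Clean(base)
	joined := filepath.Join(base, rel) // Join cleans, so "a/../../x" collapses before we compare
	if !strings.HasPrefix(joined, base+string(filepath.Separator)) {
		return "", ErrPathEscape // equal to base or outside it: both rejected
	}
	return joined, nil
}

// ExtractTar unpacks a tar stream into dest (a fresh, empty directory) and stops at the first
// entry, or symlink target, that escapes dest. Wrap r in gzip.NewReader for a .tgz.
func ExtractTar(r io.Reader, dest string) ([]string, error) {
	tr, written := tar.NewReader(r), []string{}
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return written, nil
		}
		if hdr == nil { // read error (Go 1.20+ may flag "../" names with hdr set; SecureJoin catches those)
			return written, err
		}
		if hdr.Typeflag == tar.TypeDir && filepath.Clean(hdr.Name) == "." {
			continue // the archive's own top-level "./" entry
		}
		target, err := SecureJoin(dest, hdr.Name)
		if err == nil {
			err = os.MkdirAll(filepath.Dir(target), 0o755)
		}
		switch {
		case err != nil:
		case hdr.Typeflag == tar.TypeDir:
			err = os.MkdirAll(target, 0o755)
		case hdr.Typeflag == tar.TypeReg:
			var data []byte // chart files are small; stream with io.Copy for big archives
			if data, err = io.ReadAll(tr); err == nil {
				if err = os.WriteFile(target, data, 0o644); err == nil {
					written = append(written, target)
				}
			}
		case hdr.Typeflag == tar.TypeSymlink:
			// Link targets resolve from the link's own directory and must also stay inside dest.
			linkDir, _ := filepath.Rel(dest, filepath.Dir(target))
			if filepath.IsAbs(hdr.Linkname) {
				err = ErrPathEscape
			} else if _, err = SecureJoin(dest, filepath.Join(linkDir, hdr.Linkname)); err == nil {
				err = os.Symlink(hdr.Linkname, target)
			}
		default:
			err = fmt.Errorf("refusing entry type %d", hdr.Typeflag)
		}
		if err != nil {
			return written, fmt.Errorf("entry %q: %w", hdr.Name, err)
		}
	}
}

// buildTar turns constructed sample entries (not a real chart) into an in-memory tar;
// a content of the form "-> X" makes the entry a symlink to X.
func buildTar(files map[string]string) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for name, content := range files {
		hdr := &tar.Header{Name: name, Mode: 0o644, Typeflag: tar.TypeReg, Size: int64(len(content))}
		if strings.HasPrefix(content, "-> ") {
			hdr.Typeflag, hdr.Linkname, hdr.Size, content = tar.TypeSymlink, content[3:], 0, ""
		}
		if err := tw.WriteHeader(hdr); err != nil {
			panic(err)
		}
		tw.Write([]byte(content))
	}
	tw.Close()
	return buf.Bytes()
}

func main() {
	hostile := buildTar(map[string]string{"../../outside.txt": "pwned\n"})
	_, err := ExtractTar(bytes.NewReader(hostile), os.TempDir())
	fmt.Println("hostile archive:", err) // entry "../../outside.txt": path escapes destination directory
}
```

The essential order is clean, then compare: filepath.Join already collapses `..`, so the containment test runs on the result, and the comparison includes the trailing separator so that /srv/repo2 is not mistaken for a child of /srv/repo. A delete handler of the Gitea kind would call SecureJoin(repoRoot, userPath) before os.Remove; an unpacker of the Helm kind calls it once per entry and once more per symlink target, because a link that escapes the destination turns every later write through it into an out-of-tree write.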
Github Security Blog · added 2022/05/13 1:07 a.m. · 23 views

Hex authenticity of signed packages not validated

Hex package manager hexcore version 0.3.0 and earlier contains a signing oracle vulnerability in package registry verification that can result in package modifications going undetected, allowing code execution. This attack appears to be exploitable when the victim fetches packages from a malicious/compromis...

CVSS 8.8 · AI score 7.5 · EPSS 0.00877
Exploits: 0 · References: 4 · Affected software: 1

Prion · added 2022/05/12 5:15 p.m. · 16 views

Design/Logic Flaw

An exploitable use-after-free vulnerability exists in WPS Spreadsheets (ET), part of WPS Office version 11.2.0.10351. A specially crafted XLS file can cause a use-after-free condition, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the...

CVSS 6.8 · AI score 7.9 · EPSS 0.01246
Exploits: 0 · References: 2 · Affected software: 1

CNVD · added 2022/05/12 12:00 a.m. · 25 views

IBM InfoSphere Information Server Command Execution Vulnerability

IBM InfoSphere Information Server is a data integration platform from IBM Corporation. IBM InfoSphere Information Server version 11.7 has a command execution vulnerability that an attacker could exploit to execute arbitrary commands on the system by sending specially crafted requests...

CVSS 7.8 · AI score 6.2 · EPSS 0.00349
Exploits: 0 · References: 1