4165 matches found
CVE-2022-1139
Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Cross-Site Request Forgery (CSRF)
Description: CSRF is still possible on the Leads module. Detailed video is attached. Proof of concept. Tested from: Firefox. URL of Demo: https://demo.corebos.com/index.php?module=Leads&action=index&record=&relmodule=Leads Proof of Concept Video Link: https://vimeo.com/732211543 Steps Involved: 1...
Swagger UI 3.14.0 < 3.38.0 Cross-Site Scripting
Swagger UI is a popular library used to beautify API specifications and render them to users. Swagger UI versions 3.14.1 to 3.37.2 suffer from a DOM Cross-Site Scripting (XSS) vulnerability due to an outdated embedded DOMPurify library and a feature available in the Swagger UI library itself whic...
CVE-2022-2353
Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user...
Cross site request forgery (csrf)
Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user...
Agile Point SQL Injection Vulnerability
Agile Point is Agile Point's solution for automating business processes and workflows and building custom applications, portals and SaaS solutions. Agile Point suffers from a SQL injection vulnerability. The vulnerability stems from the lack of validation of the EncodedData parameter in the...
[SECURITY] Fedora 36 Update: meg-0.2.4-6.fc36
Fetch many paths for many hosts without killing the hosts...
CVE-2022-33085
ESPCMS P8 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the fetchfilename function at \espcmspublic\espcmstemplates\ESPCMSTemplates...
GSD-2022-1003929 netfilter: conntrack: re-fetch conntrack after insertion
netfilter: conntrack: re-fetch conntrack after insertion This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.246 by commit...
GSD-2022-1003813 netfilter: conntrack: re-fetch conntrack after insertion
netfilter: conntrack: re-fetch conntrack after insertion This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.197 by commit...
GSD-2022-1003656 netfilter: conntrack: re-fetch conntrack after insertion
netfilter: conntrack: re-fetch conntrack after insertion This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.120 by commit...
GSD-2022-1003453 netfilter: conntrack: re-fetch conntrack after insertion
netfilter: conntrack: re-fetch conntrack after insertion This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.45 by commit...
CVE-2022-30619
Editable SQL queries behind Base64 encoding are sent from the client side to the server side for a particular API used in the legacy Work Center module. The attack is available to any authenticated user, in any kind of rule, under the function: /AgilePointServer/Extension/FetchUsingEncodedData in the...
MAL-2022-4629 Malicious code in mitui-util-fetch (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e46f48ec28cd3be6ebaa4cd8d2e4d9ae3a0d627267fb5bcdf6d6063b6a6931d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mitui-util-fetch (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e46f48ec28cd3be6ebaa4cd8d2e4d9ae3a0d627267fb5bcdf6d6063b6a6931d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in buffer-fetch (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90e069e0b257c2c44767bc83c877dfad638c54bed27449cb150292068db051c7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1715 Malicious code in buffer-fetch (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90e069e0b257c2c44767bc83c877dfad638c54bed27449cb150292068db051c7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3991 Malicious code in iv-node-fetch (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7d22d43dc3fae73889f4b570379c506d709ce7f2d3602149f92e1c15176125cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in iv-node-fetch (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7d22d43dc3fae73889f4b570379c506d709ce7f2d3602149f92e1c15176125cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in merlin-products-fetch (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cc2949d7ccace2a49fa195114fa2ec70249c0da126015d8633f6780145cf0e7e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...