4371 matches found
CVE-2022-1139
Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2022-1139
CVE-2022-1139 refers to an inappropriate implementation in Chrome’s Background Fetch API that could allow a remote attacker to leak cross-origin data via a crafted HTML page. The issue is associated with Chrome/Chromium before version 100.0.4896.60 and was acknowledged in Google’s March 29, 2022 ...
CVE-2022-1139
Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Cross-Site Request Forgery (CSRF)
Description: CSRF is still possible on the Leads module. Detailed video is attached. Proof of concept. Tested from: Firefox. URL of demo: https://demo.corebos.com/index.php?module=Leads&action=index&record=&relmodule=Leads Proof of concept video link: https://vimeo.com/732211543 Steps involved: 1...
Swagger UI 3.14.0 < 3.38.0 Cross-Site Scripting
Swagger UI is a popular library used to beautify API specifications and render them to users. Swagger UI versions 3.14.1 to 3.37.2 suffer from a DOM Cross-Site Scripting (XSS) vulnerability due to an outdated embedded DOMPurify library and a feature available in the Swagger UI library itself whic...
A vulnerability in the WHATWG Fetch API interface for Node.js, related to errors in cookie handling, allows attackers to gain unauthorized access to protected information.
The vulnerability in the cross-fetching mechanism of the WHATWG Fetch API interface for Node.js is related to errors in cookie handling. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
CVE-2022-2353
Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user...
Cross-Site Request Forgery (CSRF)
Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user...
Agile Point SQL Injection Vulnerability
Agile Point is Agile Point's solution for automating business processes and workflows and building custom applications, portals and SaaS solutions. Agile Point suffers from a SQL injection vulnerability. The vulnerability stems from the lack of validation of the EncodedData parameter in the...
[SECURITY] Fedora 36 Update: meg-0.2.4-6.fc36
Fetch many paths for many hosts without killing the hosts...
CVE-2022-33085
ESPCMS P8 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the fetchfilename function at \espcmspublic\espcmstemplates\ESPCMSTemplates...
GSD-2022-1003929 netfilter: conntrack: re-fetch conntrack after insertion
netfilter: conntrack: re-fetch conntrack after insertion. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.246 by commit...
GSD-2022-1003813 netfilter: conntrack: re-fetch conntrack after insertion
netfilter: conntrack: re-fetch conntrack after insertion. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.197 by commit...
GSD-2022-1003656 netfilter: conntrack: re-fetch conntrack after insertion
netfilter: conntrack: re-fetch conntrack after insertion. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.120 by commit...
GSD-2022-1003453 netfilter: conntrack: re-fetch conntrack after insertion
netfilter: conntrack: re-fetch conntrack after insertion. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.45 by commit...
CVE-2022-30619
Editable SQL queries behind Base64 encoding are sent from the client side to the server side for a particular API used in the legacy Work Center module. The attack is available to any authenticated user, in any kind of rule, under the function: /AgilePointServer/Extension/FetchUsingEncodedData in the...
Malicious code in mitui-util-fetch (npm)
Source: ghsa-malware (9e46f48ec28cd3be6ebaa4cd8d2e4d9ae3a0d627267fb5bcdf6d6063b6a6931d). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4629 Malicious code in mitui-util-fetch (npm)
Source: ghsa-malware (9e46f48ec28cd3be6ebaa4cd8d2e4d9ae3a0d627267fb5bcdf6d6063b6a6931d). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in buffer-fetch (npm)
Source: ghsa-malware (90e069e0b257c2c44767bc83c877dfad638c54bed27449cb150292068db051c7). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1715 Malicious code in buffer-fetch (npm)
Source: ghsa-malware (90e069e0b257c2c44767bc83c877dfad638c54bed27449cb150292068db051c7). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...