335 matches found
CVE-2023-26060
An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult t...
Online Payroll System cross-site scripting vulnerability
Online Payroll System is a system for distributing payroll online. A cross-site scripting vulnerability exists in Online Payroll System, which stems from the lack of effective filtering and escaping of user-supplied data in /admin/deductionedit.php, and can be exploited by attackers to execute...
Atlassian Jira 7.0.8 < 7.13.9 DoS Via Missing Input Validation In Userpickerbrowser
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.0.8 prior to 7.13.9 or 8.0.0 prior to 8.5.0. It is, therefore, affected by a vulnerability which permits remote attackers to impact the application's availability via a Denia...
Atlassian Jira 8.0.0 < 8.5.0 DoS Via Missing Input Validation In Userpickerbrowser
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.0.8 prior to 7.13.9 or 8.0.0 prior to 8.5.0. It is, therefore, affected by a vulnerability which permits remote attackers to impact the application's availability via a Denia...
EulerOS 2.0 SP8 : freerdp (EulerOS-SA-2023-1313)
According to the versions of the freerdp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using /parallel command line switch might...
CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on February 2 added two security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The first of the two vulnerabilities is CVE-2022-21587 (CVSS score: 9.8), a critical issue impacting...
CVE-2022-21192
All versions of the package serve-lite are vulnerable to Directory Traversal because req.url is passed as-is to path.join, with no input sanitization or other checks and protections applied to it...
CVE-2022-4235
RushBet version 2022.23.1-b490616d allows a remote attacker to steal customer accounts via use of a malicious application. This is possible because the application exposes an activity and does not properly validate the data it receives...
CVE-2023-22952
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation...
CVE-2022-25931
All versions of the package easy-static-server are vulnerable to Directory Traversal because the req.url user input passed to the server code is neither sanitized nor sandboxed...
WordPress plugin Wholesale Market for WooCommerce security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
UBUNTU-CVE-2022-39837
An issue was discovered in Connected Vehicle Systems Alliance (COVESA) dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointer dereference,...
Input validation
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3, a remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function...
Debian: Security Advisory (DSA-5233-1)
The remote host is missing an update for the Debian ...
CVE-2022-28741
aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x...
Input validation
aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x...