6348 matches found
GHSA-8V3J-JFG3-V3FV Prototype Pollution in Sails.js
Sails.js <= 1.5.2 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules. A patch is available in the master branch of Sails.js's GitHub repository...
CVE-2021-44908
CVE-2021-44908 describes a prototype pollution flaw in Sails.js where the vulnerability exists in the function loadActionModules() inside controller/load-action-modules.js. The affected software is Sails.js versions up to and including 1.4.0. The underlying cause is prototype pollution, enabling ...
CVE-2021-45791
Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/membertype.php, /admin/modules/system/usergroup.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users...
SQL injection
Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/membertype.php, /admin/modules/system/usergroup.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users...
CVE-2021-45792
Slims9 Bulian 9.4.2 is affected by Cross-Site Scripting (XSS) in /admin/modules/system/customfield.php...
CVE-2021-45791
CVE-2021-45791 affects Slims8 Akasia 8.3.1. A SQL injection exists in multiple admin modules (bibliography, member_type, user_group, membership index) via the dir parameter, due to insufficient input escaping/validation. Exploitation is described as feasible by remotely authenticated librarian us...
Sails.js injection vulnerability
Sails.js is a Node.js-based web application framework from Sails, Inc. Sails.js has an injection vulnerability that originates in the loadActionModules function in controller/load-action-modules.js, which is susceptible to prototype pollution. The vulnerability affect...
Slims8 Akasia SQL injection vulnerability
Slims8 Akasia is library management software from the SLiMS community in Indonesia. It is used to manage library resources such as books, journals, digital documents and other materials, as well as library administration. An SQL injection vulnerability exists in Slims8 Akasia version 8.3.1, which stems from missing SQL...
io.jenkins.blueocean:blueocean (>=1.0-alpha-1 <=1.27.25), io.jenkins.blueocean:blueocean-bitbucket-pipeline (>=1.27.17 <=1.27.25) +10 more potentially affected by CVE-2022-27196 via org.jvnet.hudson.plugins:favorite (>=1.16 <=2.3.1)
org.jvnet.hudson.plugins:favorite MAVEN version =1.16, =1.0-alpha-1, =1.27.17, =1.0.0, =1.0-alpha-1, =1.0-alpha-1, =1.0.0, =1.0.0, =1.0-alpha-8, =1.0-alpha-4, =0.1-preview-4, =1.0-alpha-1, =0.1, =1.0.0 Source cves: CVE-2022-27196 Source advisory: OSV:GHSA-874R-46C6-7P4R...
Huawei EMUI and Magic UI Bastet modules have unspecified vulnerabilities
Huawei EMUI is a mobile operating system developed on Android. Magic UI is a mobile operating system developed on Android. The Bastet modules of Huawei EMUI and Magic UI have a security vulnerability that attackers can exploit to compromise integrity...
gnuhealth-all-modules (>=4.0.4 <=4.4.1) potentially affected by CVE-2022-26662 via proteus (=6.0.10)
proteus PYPI version =6.0.10 is affected by a known vulnerability. The following packages have a transitive dependency on proteus and may be impacted: - gnuhealth-all-modules =4.0.4, =4.4.1 Source cves: CVE-2022-26662 Source advisory: OSV:GHSA-PM3H-MM62-PWM8...
gnuhealth-all-modules (>=4.0.4 <=4.4.1) potentially affected by CVE-2022-26661 via proteus (=6.0.10)
proteus PYPI version =6.0.10 is affected by a known vulnerability. The following packages have a transitive dependency on proteus and may be impacted: - gnuhealth-all-modules =4.0.4, =4.4.1 Source cves: CVE-2022-26661 Source advisory: OSV:GHSA-CJ78-RGW3-4H5P...
Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads
The Qakbot botnet is getting more dangerous, sinking its fangs into email threads and injecting malicious modules to pump up the core botnet’s powers. On Thursday, Sophos published a deep dive into the botnet, describing how researchers have recently seen it spreading through email thread hijacki...
Huawei EMUI and Huawei Magic UI security vulnerability
Huawei EMUI is a mobile operating system developed on Android. Magic UI is a mobile operating system developed on Android. The Nearby modules of Huawei EMUI and Magic UI have an authorization vulnerability that attackers could exploit to compromise availability and integrity...
HUAWEI EMUI and Honor Magic UI security vulnerability
Huawei EMUI is a mobile operating system developed on Android. Magic UI is a mobile operating system developed on Android. The Wi-Fi modules of Huawei EMUI and Magic UI have a privilege control vulnerability that attackers could exploit to obtain sensitive information...
[slackware-security] Slackware 15.0 kernel
New kernel packages are available for Slackware 15.0 to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/linux-5.15.27/: Upgraded. These updates fix various bugs and security issues, including the recently announced "Dirty Pipe" vulnerability which...
Nvidia GPU Display Driver for Linux denial-of-service vulnerability
Nvidia GPU Display Driver for Linux is Nvidia's driver that provides interactive support for graphics modules on Linux systems. A denial-of-service vulnerability exists in the Nvidia GPU Display Driver for Linux kernel driver package. The vulnerability can be...
DRUPAL-CONTRIB-2022-027
The GOV.UK Theme govuktheme is a Drupal theme for the GOV.UK Design System. The theme doesn't sanitize user input in certain cases, which leads to Cross-Site Scripting (XSS) vulnerabilities. An attacker that can create or edit certain entities or configuration may be able to exploit one or more...
microweber has an unspecified vulnerability (CNVD-2022-13203)
Microweber is an online store management system from the US Microweber community that provides drag-and-drop functionality. The system includes modules for adding products, images, etc. Microweber has a security vulnerability, and no details of the vulnerability are available at this time...
Cobbler Command Injection Vulnerability (CNVD-2022-18324)
Cobbler is a network installation server suite that is primarily used to quickly set up Linux network installations. A command injection vulnerability exists in versions of Cobbler prior to 3.3.1, stemming from the check_for_invalid_imports function in the templar.py file, which allows Cheetah code ...