2544 matches found

CNVD
added 2022/03/24 12:00 a.m. | 14 views

Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2022-27439)

Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. Delta Electronics...

CVSS 10 | AI score 3.4 | EPSS 0.0027
Exploits 0 | References 1
CNVD
added 2022/03/24 12:00 a.m. | 20 views

WordPress Optimole plugin cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. WordPress plugins are open source application plugins for WordPress. The WordPress plugin Optimole version 3.3.2 has a cross-site scripting vulnerability that stems from the failure of image optimization and...

CVSS 4.8 | AI score 1.7 | EPSS 0.00287
Exploits 2 | References 1
WPVulnDB
added 2022/03/21 12:00 a.m. | 22 views

Image optimization & Lazy Load < 3.3.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its "Lazyload background images for selectors" settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Put the following payload in the Media Optimole...

CVSS 4.8 | AI score 3.1 | EPSS 0.00287
Exploits 2 | References 1 | Affected Software 1
IBM Security Bulletins
added 2022/03/17 3:31 p.m. | 22 views

Security Bulletin: A vulnerability in IBM® SDK, Java™ may affect IBM Decision Optimization Center (CVE-2021-35603)

Summary: There is a vulnerability in IBM® Java™ versions 7 & 8 used by IBM Decision Optimization Center. IBM Decision Optimization Center has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2021-35603. DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component...

CVSS 4.3 | AI score 4.7 | EPSS 0.00136
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2022/03/17 3:31 p.m. | 29 views

Security Bulletin: A vulnerability in IBM® SDK, Java™ may affect IBM Decision Optimization Center (CVE-2021-35550)

Summary: There is a vulnerability in IBM® Java™ versions 7 & 8 used by IBM Decision Optimization Center. IBM Decision Optimization Center has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2021-35550. DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component...

CVSS 7.1 | AI score 5.7 | EPSS 0.00091
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2022/03/17 3:30 p.m. | 27 views

Security Bulletin: Multiple vulnerabilities in IBM® Java™ Runtime may affect IBM Decision Optimization Center (CVE-2022-21360, CVE-2022-21365)

Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 & 8 used by IBM Decision Optimization Center. IBM Decision Optimization Center has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2022-21365. DESCRIPTION: An unspecified vulnerability in Java S...

CVSS 5.3 | AI score 5.6 | EPSS 0.00112
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2022/03/17 3:29 p.m. | 25 views

Security Bulletin: Multiple vulnerabilities in IBM® Java™ may affect IBM ILOG CPLEX Optimization Studio (CVE-2022-21360, CVE-2022-21365)

Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 & 8 used by IBM CPLEX Optimization Studio. IBM CPLEX Optimization Studio has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2022-21365. DESCRIPTION: An unspecified vulnerability in Java SE...

CVSS 5.3 | AI score 5.7 | EPSS 0.00112
Exploits 0 | Affected Software 1
OpenVAS
added 2022/03/16 12:00 a.m. | 16 views

SUSE: Security Advisory (SUSE-SU-2022:0843-1)

The remote host is missing an update for the...

CVSS 7.3 | AI score 7.1 | EPSS 0.00906
Exploits 1 | References 2
The Hacker News
added 2022/03/10 2:29 p.m. | 79 views

New Exploit Bypasses Existing Spectre-V2 Mitigations in Intel, AMD, Arm CPUs

Researchers have disclosed a new technique that could be used to circumvent existing hardware mitigations in modern processors from Intel, AMD, and Arm, and stage speculative execution attacks such as Spectre to leak sensitive information from host memory. Attacks like Spectre are designed to bre...

CVSS 5.6 | AI score 1.3 | EPSS 0.88482
Exploits 8
CNNVD
added 2022/03/10 12:00 a.m. | 2 views

Ericsson Network Manager security vulnerability

Ericsson Network Manager is a network manager from Ericsson, Sweden. It covers monitoring, troubleshooting, configuration, automation and optimization of networks. A security vulnerability exists in Ericsson Network Manager 20.2 that stems from a privilege error...

CVSS 6.5 | AI score 6.5 | EPSS 0.0063
Exploits 0 | References 4
CNVD
added 2022/03/01 12:00 a.m. | 32 views

MODX Revolution code issue vulnerability

MODX Revolution is a PHP-based open source content management system (CMS) from the US company MODX. The system supports online collaboration, search engine optimization (SEO), etc. MODX Revolution has a code issue vulnerability that can be exploited by attackers to execute arbitrary code by uploadin...

CVSS 7.2 | AI score 5 | EPSS 0.10493
Exploits 4 | References 1
Patchstack
added 2022/02/28 12:00 a.m. | 8 views

WordPress "WordPress Robots.txt optimization (+ XML Sitemap) – Website traffic, SEO & ranking Booster" plugin < 1.4.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress "WordPress Robots.txt optimization (+ XML Sitemap) – Website traffic, SEO & ranking Booster" plugin versions < 1.4.4. Solution: Update the WordPress "WordPress Robots.txt optimization (+ XML Sitemap) – Websit...

AI score 3
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2022/02/28 12:00 a.m. | 12 views

WordPress Mobile View for Responsive web design optimization (UX design) + Mobile Friendly Test plugin <= 1.2.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Mobile View for Responsive web design optimization (UX design) + Mobile Friendly Test plugin versions <= 1.2.3. Solution: Update the WordPress Mobile View for Responsive web design optimization (UX design) +...

AI score 3.7
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2022/02/22 12:00 a.m. | 1 view

The vulnerability of the Optimization Guide browser services for Google Chrome and Microsoft Edge allows attackers to cause service failures or increase their privileges.

The vulnerability of the Optimization Guide browser services provided by Google Chrome and Microsoft Edge is related to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to cause service failures or increase their privileges through a specially created...

CVSS 7.8 | AI score 7.6 | EPSS 0.0096
Exploits 0 | References 8 | Affected Software 4
Veracode
added 2022/02/20 5:48 a.m. | 40 views

Use After Free

Chromium is vulnerable to use after free. The vulnerability exists in Optimization Guide, which allows an attacker to cause a memory corruption...

CVSS 8.8 | AI score 3.4 | EPSS 0.49
Exploits 0 | References 3 | Affected Software 3
Cvelist
added 2022/02/17 8:35 p.m. | 16 views

CVE-2022-23646 Improper CSP in Image Optimization API for Next.js

Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, the next.config.js file must have an images.domains array assigned and the image host assigned in...

CVSS 5.9 | AI score 7.7 | EPSS 0.01381
Exploits 0 | References 3
OSV
added 2022/02/17 5:19 p.m. | 214 views

GHSA-FMVM-X8MV-47MJ Improper CSP in Image Optimization API for Next.js versions between 10.0.0 and 12.1.0

Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, the next.config.js file must have an images.domains array assigned and the image host assigned in...

CVSS 5.9 | AI score 6.5 | EPSS 0.01381
Exploits 0 | References 5
GitHub Security Blog
added 2022/02/17 5:19 p.m. | 55 views

Improper CSP in Image Optimization API for Next.js versions between 10.0.0 and 12.1.0

Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, the next.config.js file must have an images.domains array assigned and the image host assigned in...

CVSS 7.5 | AI score 2.5 | EPSS 0.01381
Exploits 0 | References 5 | Affected Software 1
Citrix
added 2022/02/14 12:00 a.m. | 7 views

Incoming audio issue on Microsoft Teams optimization for CWA HTML5

Any user on optimized Microsoft Teams is not able to receive any incoming audio during audio or video calls. Video streaming is not impacted. Users who meet the below conditions are likely to see the issue: are on Citrix Workspace app for HTML5 AND have enabled Microsoft Teams optimization...

AI score 7
Exploits 0
Citrix
added 2022/02/14 12:00 a.m. | 5 views

Incoming audio issue on Microsoft Teams optimization for CWA Chrome OS

Any user on optimized Microsoft Teams is not able to receive any incoming audio during audio or video calls. Video streaming is not impacted. Users who meet the below conditions are likely to see the issue: are on Citrix Workspace app for Chrome OS AND have enabled Microsoft Teams optimization...

AI score 7
Exploits 0