PT-2022-26676 · Silverstripe · Silverstripe/Subsites
Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/subsites versions through 2.6.0 Description: The subsites module can weaken edit restrictions on some files, allowing a malicious user to edit files they do not have edit rights to. This issue only affects projects...
CVE-2022-4592 luckyshot CRMx index.php commentdelete sql injection
A vulnerability was found in luckyshot CRMx and classified as critical. This issue affects the function get/save/delete/comment/commentdelete of the file index.php. The manipulation leads to sql injection. The attack may be initiated remotely. The name of the patch is...
CVE-2021-4254 ctrlo lenio Notice main.tt cross site scripting
A vulnerability has been found in ctrlo lenio and classified as problematic. Affected by this vulnerability is an unknown functionality of the file views/layouts/main.tt of the component Notice Handler. The manipulation of the argument notice.notice.text leads to cross site scripting. The attack...
PT-2022-11597 · Unknown · Chbrown Rfc6902
Name of the Vulnerable Software and Affected Versions: chbrown rfc6902 affected versions not specified Description: A problematic vulnerability has been found in chbrown rfc6902, affecting an unknown part of the file pointer.ts. The manipulation leads to improperly controlled modification of obje...
GHSA-VP22-232W-H9X8 RuoYi-Cloud Cross-site Scripting vulnerability
A vulnerability was found in yproject RuoYi-Cloud. It has been rated as problematic. Affected by this issue is some unknown functionality of the component JSON Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the publi...
EulerOS 2.0 SP8 : yajl (EulerOS-SA-2022-2812)
According to the versions of the yajl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow...
CVE-2022-23470 Arbitrary file access in the Galaxy data analysis platform
Galaxy is an open-source platform for data analysis. An arbitrary file read exists in Galaxy 22.01 and Galaxy 22.05 due to the switch to Gunicorn, which can be used to read any file accessible to the operating system user under which Galaxy is running. This vulnerability affects Galaxy 22.01 and...
CVE-2022-46164 Account takeover via prototype vulnerability
NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling a specially crafted payload can be used to impersonate other users and takeover accounts. This vulnerability has been patched in version 2.6.1. Users are advised ...
CVE-2022-23465 SwiftTerm vulnerable to arbitrary command execution
SwiftTerm is an Xterm/VT100 Terminal emulator. Prior to commit a94e6b24d24ce9680ad79884992e1dff8e150a31, an attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing...
CVE-2022-46159 Any authenticated Discourse user can create an unlisted topic
Discourse is an open-source discussion platform. In version 2.8.13 and prior on the stable branch and version 2.9.0.beta14 and prior on the beta and tests-passed branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take u...
PT-2022-27600 · Tenda · Tenda Ac6V1.0
Name of the Vulnerable Software and Affected Versions: Tenda AC6V1.0 version 15.03.05.19 Description: A buffer overflow issue was discovered via the schedEndTime parameter in the setSchedWifi function. This allows for potential exploitation. Recommendations: For Tenda AC6V1.0 version 15.03.05.19,...
PT-2022-27198 · Tenda · Tenda I21
Name of the Vulnerable Software and Affected Versions: Tenda i21 version 1.0.0.144656 Description: The issue is related to a Buffer Overflow that can be triggered via the "/goform/setUplinkInfo" API endpoint. This allows for potential exploitation. Recommendations: For Tenda i21 version...
CVE-2022-46162 Discourse BBCode plugin vulnerable to arbitrary CSS injection
discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bbcode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patch...
PT-2022-23218 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: ChurchCRM version 4.4.5 Description: The issue allows attackers to store XSS via location input Deposit Comment. This enables potential malicious activities through the exploitation of this input field. Recommendations: For ChurchCRM version...
PT-2022-26208 · Gpac · Gpac
Name of the Vulnerable Software and Affected Versions: GPAC version 2.1-DEV-rev490-g68064e101-master Description: A problematic vulnerability was found in GPAC, affecting the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to...
PYSEC-2022-43175
Drag and Drop XBlock v2 implements a drag-and-drop style problem, where a learner has to drag items to zones on a target image. Versions prior to 3.0.0 are vulnerable to cross-site scripting in multiple XBlock Fields. Any platform that has deployed the XBlock may be impacted. Version 3.0.0 contai...
PT-2022-27151 · Totolink · Totolink Nr1800X
Name of the Vulnerable Software and Affected Versions: TOTOLINK NR1800X version 9.1.0u.6279 B20210910 Description: The issue concerns a command injection via the FileName parameter in the setUploadSetting function. This allows for potential malicious commands to be executed. No information is...
PT-2022-6453 · Adobe · Dimension
Name of the Vulnerable Software and Affected Versions: Adobe Dimension versions 3.4.7 and earlier Description: The issue is related to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as...