PT-2022-4025 · Jenkins · Jenkins Openshift Deployer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OpenShift Deployer Plugin versions 1.2.0 and earlier Description: The issue is related to a missing permission check in the plugin, which can be exploited by attackers with Overall/Read permission to connect to an attacker-specified U...
PT-2022-22210 · Wavlink · Wavlink Wifi-Repeater Rpta2-77W
Name of the Vulnerable Software and Affected Versions: Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 Description: An access control issue allows attackers to obtain system key information and execute arbitrary commands by accessing the page "syslog.shtml". Recommendations: For Wavlink...
PT-2022-8896 · Unknown · Sonar-Wrapper
Name of the Vulnerable Software and Affected Versions: sonar-wrapper versions all versions Description: A command injection issue affects the package. The injection point is located in lib/sonarRunner.js. Recommendations: For all versions, consider restricting access to the vulnerable...
EUVD-2022-6344
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents...
CVE-2022-31159 Partial Path Traversal in com.amazonaws:aws-java-sdk-s3
The AWS SDK for Java enables Java developers to work with Amazon Web Services. A partial-path traversal issue exists within the downloadDirectory method in the AWS S3 TransferManager component of the AWS SDK for Java v1 prior to version 1.12.261. Applications using the SDK control the...
CVE-2022-31097 Stored XSS in Grafana's Unified Alerting
Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate...
CVE-2022-2097 affecting package openssl 1.1.1k-12
CVE-2022-2097 affecting package openssl 1.1.1k-12. A patched version of the package is available...
Grafana account takeover via OAuth vulnerability
Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of...
CVE-2022-31102 Cross-site Scripting for Argo CD single sign on users
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with 2.3.0 and prior to 2.3.6 and 2.4.5 is vulnerable to a cross-site scripting XSS bug which could allow an attacker to inject arbitrary JavaScript in the /auth/callback page in a victim's browser. This...
PT-2022-15750 · Sourcecodester · Sourcecodester Clinics Patient Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Clinics Patient Management System version 2.0 Description: A critical issue was found in the system, affecting an unknown function of the file /pms/update user.php?user id=1. The manipulation of the profile picture argument wit...
PT-2022-17062 · Cwp · Cwp
Name of the Vulnerable Software and Affected Versions: CWP version 0.9.8.1122 Description: A path traversal vulnerability in loader.php allows attackers to execute arbitrary code via a crafted POST request. Recommendations: For CWP version 0.9.8.1122, consider disabling the loader.php file until ...
PT-2022-21058 · Tenda · Tenda Ax1806
Name of the Vulnerable Software and Affected Versions: Tenda AX1806 version 1.0.0.1 Description: A stack overflow issue was discovered via the list parameter in the fromSetRouteStatic function. Recommendations: For Tenda AX1806 version 1.0.0.1, consider restricting access to the fromSetRouteStati...
PT-2022-20990 · Mcms · Mcms
Name of the Vulnerable Software and Affected Versions: MCMS version 5.2.8 Description: The issue is related to an arbitrary file upload vulnerability. This means that an attacker could potentially upload malicious files to the system, which could lead to various security problems. Recommendations...
PT-2022-22347 · Jenkins · Jenkins Deployment Dashboard Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Deployment Dashboard Plugin versions 1.0.10 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because environment names on the Deployment Dashboard view are not properly escape...
PT-2022-3089 · Motorola · Motorola Moscad +1
Name of the Vulnerable Software and Affected Versions: Motorola MOSCAD and ACE line of RTUs through 2022-05-02 Description: The issue concerns the omission of an authentication requirement in the Motorola MOSCAD and ACE line of RTUs. These devices feature IP Gateway modules that allow for...
CVE-2022-1734 affecting package kernel 5.10.116.1-1
CVE-2022-1734 affecting package kernel 5.10.116.1-1. A patched version of the package is available...
CVE-2021-30560 affecting package libxslt 1.1.34-2
CVE-2021-30560 affecting package libxslt 1.1.34-2. A patched version of the package is available...
PT-2022-20864 · Sap · Sap Financial Consolidation
Name of the Vulnerable Software and Affected Versions: SAP Financial Consolidation version 1010 Description: The issue results in escalation of privileges due to the lack of necessary authorization checks for an authenticated user. Recommendations: For SAP Financial Consolidation version 1010,...
GHSA-J8C7-3JPQ-8985 Cross-site Scripting in FacturaScripts
Cross-site Scripting XSS - Reflected in GitHub repository neorazorx/facturascripts. A patch is available on the master branch of the repository in commit 7b4ddb92...