
8297 matches found

OSV • added 2022/07/25 1:15 p.m. • 1 views

CVE-2022-0594

The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated in v 9.7.5 and author+ in v9.7.5 users, allowing them to call it and retrieve various information such as t...

CVSS 5.3 | AI score 5.8
Exploits: 0 | References: 1
Cvelist • added 2022/07/25 12:45 p.m. • 19 views

CVE-2022-0594 Shareaholic < 9.7.6 - Information Disclosure

The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated in v 9.7.5 and author+ in v9.7.5 users, allowing them to call it and retrieve various information such as t...

AI score 5.4 | EPSS 0.01544
Exploits: 2 | References: 1
vulnersOsv • added 2022/07/23 12:0 a.m. • 4 views

io.dataease:dataease-plugin-datasource (>=1.10.0 <=1.11.1), io.dataease:dataease-plugin-interface (>=1.0 <=1.11.1) +1 more potentially affected by CVE-2022-34112 via io.dataease:dataease-plugin-common (>=1.0 <=1.11.1)

io.dataease:dataease-plugin-common MAVEN version =1.0, =1.10.0, =1.0, =1.10.0, =1.11.1 Source cves: CVE-2022-34112 Source advisory: OSV:GHSA-C2PJ-RR68-PW94...

CVSS 6.5 | AI score 6.5 | EPSS 0.00506
Exploits: 1
vulnersOsv • added 2022/07/21 9:38 p.m. • 4 views

io.github.gpc:asynchronous-mail (>=3.1.0 <=3.1.1), io.github.longwa:build-test-data (=5.0.0) +23 more potentially affected by CVE-2022-35912 via org.grails:grails-databinding (>=5.0.0 <=5.1.8)

org.grails:grails-databinding MAVEN version =5.0.0, =3.1.0, =4.0.0, =5.0.0.RC2, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.1.10 and more Source cves: CVE-2022-35912 Source advisory: OSV:GHSA-6RH6-X8WW-9H97...

CVSS 9.8 | AI score 7.2 | EPSS 0.01746
Exploits: 0
vulnersOsv • added 2022/07/21 9:38 p.m. • 3 views

org.grails:grails-plugin-codecs (=5.2.0), org.grails:grails-plugin-controllers (=5.2.0) +14 more potentially affected by CVE-2022-35912 via org.grails:grails-databinding (=5.2.0)

org.grails:grails-databinding MAVEN version =5.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.grails:grails-databinding and may be impacted: - org.grails:grails-plugin-codecs =5.2.0 - org.grails:grails-plugin-controllers =5.2.0 -...

CVSS 9.8 | AI score 7.2 | EPSS 0.01746
Exploits: 0
OSV • added 2022/07/18 3:15 p.m. • 4 views

CVE-2022-34902

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 39316 Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within t...

CVSS 7.8 | AI score 6.2
Exploits: 0 | References: 2
ATTACKERKB • added 2022/07/18 3:15 p.m. • 1 views

CVE-2022-34902

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 39316 Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within t...

CVSS 7.8 | AI score 6.3 | EPSS 0.00322
Exploits: 0 | References: 3
Prion • added 2022/07/18 3:15 p.m. • 17 views

Design/Logic Flaw

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 39316 Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within t...

CVSS 4.3 | AI score 7.8 | EPSS 0.00322
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist • added 2022/07/18 2:17 p.m. • 28 views

CVE-2022-34902

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 39316 Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within t...

CVSS 7.8 | AI score 8 | EPSS 0.00322
Exploits: 0 | References: 2
vulnersOsv • added 2022/07/15 6:12 p.m. • 3 views

org.hudsonci.plugins:JumbleHudsonPlugin (=1.0), org.hudsonci.plugins:artifactory (=2.1.3-h-1) +50 more potentially affected by CVE-2015-8031 via org.jvnet.hudson.main:hudson-core (>=1.60 <=2.2.1)

org.jvnet.hudson.main:hudson-core MAVEN version =1.60, =2.1.0, =1.0, =1.7, =1.0, =2.1.0, =2.2.01, =2.1.0, =2.1.1 and more Source cves: CVE-2015-8031 Source advisory: OSV:GHSA-J3H2-8MF8-J5R2...

CVSS 9.8 | AI score 7.8 | EPSS 0.01289
Exploits: 1
Tenable Nessus • added 2022/07/15 12:0 a.m. • 336 views

Jenkins plugins Multiple Vulnerabilities (2022-06-22)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Multiple cross-site scripting (XSS) vulnerabilities in Jenkins 2.355 and earlier, LTS 2.332.3 and earlier allow attackers to inject HTML and...

CVSS 9.1 | AI score 6.6 | EPSS 0.76722
Exploits: 0 | References: 45
Code423n4 • added 2022/07/14 12:0 a.m. • 12 views

Vault implementation can be selfdestructed due to lack of initialization

Lines of code Vulnerability details Impact HIGH - Assets can be lost directly Anybody can initialize the Vault's implementation contract. The worst case would be to selfdestruct and make all the already deployed and to be deployed Vault's proxies useless and assets in the deployed proxies will be...

AI score 6.9
Exploits: 0
Code423n4 • added 2022/07/14 12:0 a.m. • 9 views

Buyout Module: ethBalance is not properly updated

Lines of code Vulnerability details Impact HIGH - Assets can be stolen directly. An attacker can steal eth from buyout module Proof of Concept proof of concept1: testCashSharepoc proof of concept2: testCashRepeatpoc The proof of concept1 shows that the same amount of fractions will result in...

AI score 6.8
Exploits: 0
Code423n4 • added 2022/07/14 12:0 a.m. • 7 views

Plugins can be abused, custom FERC1155 Token can be abused

Lines of code Vulnerability details Impact HIGH - Assets can be stolen/compromised/lost directly. The creator of vault can add any functionality they want by plugins. Also they can bring any tokens for the vault. It can be used against users, or it will make exploits easier to execute. Proof of...

AI score 6.7
Exploits: 0
NVD • added 2022/07/13 4:15 p.m. • 22 views

CVE-2022-32074

A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file...

CVSS 5.4 | EPSS 0.01232
Exploits: 0 | References: 3
OSV • added 2022/07/13 4:15 p.m. • 14 views

CVE-2022-32074

A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file...

CVSS 5.4 | AI score 5.5
Exploits: 0 | References: 3
ATTACKERKB • added 2022/07/13 4:15 p.m. • 4 views

CVE-2022-32074

A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file...

CVSS 5.4 | AI score 5.6 | EPSS 0.01232
Exploits: 0 | References: 4
Prion • added 2022/07/13 4:15 p.m. • 22 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file...

CVSS 4.9 | AI score 5.2 | EPSS 0.01232
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist • added 2022/07/13 3:35 p.m. • 24 views

CVE-2022-32074

A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file...

AI score 5.4 | EPSS 0.01232
Exploits: 0 | References: 3
CVE • added 2022/07/13 3:35 p.m. • 66 views

CVE-2022-32074

CVE-2022-32074 affects the osTicket-plugins Storage-FS component (audit/class.audit.php). It is a stored XSS vulnerability where a crafted SVG file can cause arbitrary web scripts/HTML execution. The issue is linked to a commit in the repository (a7842d494889fd5533d13deb3c6a7789768795ae) as part ...

CVSS 5.4 | AI score 5.2 | EPSS 0.01232
Exploits: 0 | References: 3 | Affected Software: 1