Lucene search

1388 matches found

ATTACKERKB
added 2022/09/13 11:15 p.m., 2 views

CVE-2022-38771

The mobile application in Transtek Mojodat FAM Fixed Asset Management 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request...

CVSS 9.8, AI score 5.9, EPSS 0.01155, Exploits 0, References 3

CNNVD
added 2022/09/13 12:0 a.m., 2 views

Transtek Mojodat FAM SQL injection vulnerability

Transtek Mojodat FAM is a Fixed Asset Management software from Transtek Lebanon. A security vulnerability exists in Transtek Mojodat FAM Fixed Asset Management version 2.4.6, which stems from a vulnerability that allows remote attackers to send SCRIPT tags as injected input to API requests...

CVSS 9.8, AI score 8.4, EPSS 0.01155, Exploits 0, References 3

Kaspersky
added 2022/09/13 12:0 a.m., 178 views

KLA19245 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service, obtain sensitive information, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A remote cod...

CVSS 9.8, AI score 9.8, EPSS 0.85212, Exploits 13, References 75

RedHat Linux
added 2022/09/01 2:21 p.m., 3 views

mysql: C API unspecified vulnerability (CPU Oct 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: C API. Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 4.4, AI score 6.8, EPSS 0.0014, Exploits 0, References 4

Positive Technologies
added 2022/08/26 12:0 a.m., 3 views

PT-2022-9174 · Foreman · Foreman

Name of the Vulnerable Software and Affected Versions: Foreman affected versions not specified Description: A flaw was found in the Foreman project, specifically in the Datacenter plugin, which exposes the password through the API to an authenticated local attacker with view hosts permission. Thi...

CVSS 7.8, AI score 7.3, EPSS 0.00033, Exploits 0, References 5

CNNVD
added 2022/08/25 12:0 a.m., 1 view

Archer Platform security vulnerability

Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform versions 6.8 through prior to 6.11 P3 6.11.0.3 that stems from the inclusion of incorrect API access controls in a multi-instance system, which can compromise...

CVSS 6.5, AI score 5.5, EPSS 0.00327, Exploits 0, References 3

CNNVD
added 2022/08/24 12:0 a.m., 1 view

Cisco ACI Multi-Site Orchestrator security vulnerability

Cisco ACI Multi-Site Orchestrator is a multi-site orchestrator from Cisco. It provides consistent network and policy orchestration, scalability, and disaster recovery across multiple data centers through a single management platform, while allowing data centers to go wherever the data is. A...

CVSS 8.8, AI score 5.6, EPSS 0.00534, Exploits 0, References 4

ATTACKERKB
added 2022/08/16 8:15 a.m., 1 view

CVE-2022-35734

'Hulu / フールー' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...

CVSS 7.5, AI score 6.3, EPSS 0.0028, Exploits 0, References 2

Positive Technologies
added 2022/08/16 12:0 a.m., 2 views

PT-2022-22570 · Swftools · Swftools

Name of the Vulnerable Software and Affected Versions: SWFTools affected versions not specified Description: A segmentation violation was discovered in SWFTools via the /multiarch/memset-vec-unaligned-erms.S API endpoint. Recommendations: At the moment, there is no information about a newer versi...

CVSS 5.5, AI score 5.3, EPSS 0.00047, Exploits 1, References 6

Microsoft CVE
added 2022/08/05 7:0 a.m., 1 view

Out-of-bounds Write to API in vim/vim

...

CVSS 6.5, AI score 6.8, EPSS 0.00126, Exploits 1

CNNVD
added 2022/08/05 12:0 a.m., 1 view

WordPress plugin MailerLite – Signup forms (official) cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 8.8, AI score 7.7, EPSS 0.00104, Exploits 0, References 3

OSV
added 2022/08/04 9:15 a.m., 0 views

CVE-2022-2647

A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be...

CVSS 9.8, AI score 5.5, EPSS 0.00359, Exploits 0, References 2

CNNVD
added 2022/08/04 12:0 a.m., 2 views

ITPison OMICARD EDM SQL injection vulnerability

ITPison OMICARD EDM is a high-speed newsletter EDM marketing and distribution system from ITPison, China. A security vulnerability exists in ITPison OMICARD EDM that stems from insufficient validation of user input by API functions. A remote attacker can exploit the vulnerability by injecting...

CVSS 9.8, AI score 8.7, EPSS 0.0055, Exploits 0, References 3

OSV
added 2022/08/03 6:15 a.m., 1 view

DEBIAN-CVE-2022-35737

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API...

CVSS 7.5, AI score 7.5, EPSS 0.54845, Exploits 2, References 1

CNNVD
added 2022/07/26 12:0 a.m., 1 view

ZOHO ManageEngine SupportCenter Plus authorization issue vulnerability

ZOHO ManageEngine SupportCenter Plus is a web-based customer support software from ZOHO India. It is used to allow organizations to efficiently manage customer requests, their account and contact information, service contracts, and provide a superior customer experience in the process. A security...

CVSS 9.8, AI score 8.2, EPSS 0.01497, Exploits 0, References 2

CNNVD
added 2022/07/22 12:0 a.m., 1 view

SQLite input validation error vulnerability

SQLite is a lightweight database, a relational database management system that adheres to ACID. Security vulnerabilities exist in versions prior to SQLite 3.39.2, which originate from the auxiliary C API. No details of the vulnerabilities are currently available...

CVSS 7.5, AI score 5.5, EPSS 0.54845, Exploits 2, References 30

Positive Technologies
added 2022/07/20 12:0 a.m., 2 views

PT-2022-3784 · Cisco · Cisco Nexus Dashboard

Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard affected versions not specified Description: The issue is related to multiple vulnerabilities in the Cisco Nexus Dashboard, which could allow an unauthenticated, remote attacker to execute arbitrary commands, read or...

CVSS 9.8, AI score 9.9, EPSS 0.01433, Exploits 0, References 5

Positive Technologies
added 2022/07/19 12:0 a.m., 3 views

PT-2022-22193 · Digital Watchdog · Dw Spectrum Server

Name of the Vulnerable Software and Affected Versions: Digital Watchdog DW Spectrum Server version 4.2.0.32842 Description: The issue allows attackers to access sensitive information via a crafted API call. Recommendations: For Digital Watchdog DW Spectrum Server version 4.2.0.32842, consider...

CVSS 7.5, AI score 7.4, EPSS 0.28876, Exploits 0, References 4

CNNVD
added 2022/07/19 12:0 a.m., 2 views

Digital Watchdog DW MEGApix IP information disclosure vulnerability

Digital Watchdog DW MEGApix IP is a camera from Digital Watchdog. A security vulnerability exists in Digital Watchdog DW MEGApix IP version 4.2.0.32842, which stems from a vulnerability that allows an attacker to access sensitive information via a crafted API call...

CVSS 7.5, AI score 7.3, EPSS 0.28876, Exploits 0, References 2

CNVD
added 2022/07/15 12:0 a.m., 15 views

Samsung telephony-common.jar information disclosure vulnerability

Samsung telephony-common.jar is a Telephony service for Samsung mobile devices that provides support for the Telephony Application Programming Interface TAPI. A local attacker with log access could exploit the vulnerability to obtain IMSI through device logs...

CVSS 3.3, AI score 2.8, EPSS 0.00016, Exploits 0, References 1