Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credential Disclosure

Electrolink FM/DAB/TV Transmitter controlloLogin.js Credentials Disclosure Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W...

MAL-2023-8577 Malicious code in pyjoul (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx e55dbe349f945728a3c8ffe4453ba669e734eb355c732c8c01dfab6b5e687fce Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...

RUSTSEC-2023-0049 `tui` is unmaintained; use `ratatui` instead

The tui crate is no longer maintained. Consider using the ratatui crate instead...

Perimeter 81 安全漏洞

Perimeter 81 is a cybersecurity experience platform from the Israeli company Perimeter 81. A security vulnerability exists in Perimeter 81 version 10.0.0.19, which originates from shell metacharacters in usingCAPath...

Moderate: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVE-2022-23164

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...

JVN#50862842: EC-CUBE plugin "NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series)" vulnerable to authentication bypass

EC-CUBE plugin "NEXT ENGINE Integration Plugin for EC-CUBE 2.0 series" provided by NE Inc. contains an authentication bypass vulnerability CWE-287. Impact A remote attacker may alter the information stored in the system. Solution Stop using "NEXT ENGINE Integration Plugin for EC-CUBE 2.0 series "...

JVN#75742861: Improper restriction of XML external entity references (XXE) in National land numerical information data conversion tool

National land numerical information data conversion tool provided by MLIT improperly restricts XML external entity references XXE CWE-611. Impact By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker. Solution Stop using the product The developer...

Jenkins Plugin Veracode Scan 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

JVN#98612206: Multiple vulnerabilities in PLANEX COMMUNICATIONS Network Camera CS-WMV02G

Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G provided by PLANEX COMMUNICATIONS INC. contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2023-22370 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.8...

wws-ceramic.com Cross Site Scripting vulnerability OBB-3192124

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

omnia-raczynscy.pl Cross Site Scripting vulnerability OBB-3071621

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Malicious Package

Overview msfpath is a malicious package. It launches a reverse shell that connects back to a malicious host. Remediation Avoid using all malicious instances of the msfpath package. Credit: Raul Onitza-Klugman from Snyk Research Team...

PT-2022-6233 · Netcomm · Netcomm Nf20Mesh +2

Name of the Vulnerable Software and Affected Versions: Netcomm NF20MESH versions Netcomm NF20 versions Netcomm NL1902 versions Description: A stack-based buffer overflow issue affects the sessionKey parameter, allowing a remote attacker to potentially execute arbitrary code by providing a specifi...

PT-2022-24368 · Tenda · Tenda Ac18 Wifi Router +1

Name of the Vulnerable Software and Affected Versions: Tenda AC15 WiFi Router version V15.03.05.19 multi Tenda AC18 WiFi Router version V15.03.05.19 multi Description: A buffer overflow issue was discovered via the filePath parameter at the "/goform/expandDlnaFile" API endpoint. Recommendations:...

moodle.monzon.salesianos.org Cross Site Scripting vulnerability OBB-2914222

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CodeIgniter Shield 跨站请求伪造漏洞

CodeIgniter Shield is the authentication and authorization module for CodeIgniter 4 from CodeIgniter, Inc. A cross-site request forgery vulnerability exists in CodeIgniter Shield. An attacker exploits this vulnerability to bypass organizations with CodeIgniter Shield...

Multiple vulnerabilities in Nintendo Wi-Fi Network Adaptor WAP-001

Overview Nintendo Wi-Fi Network Adaptor provided by Nintendo Co.,Ltd. contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2022-36381 Buffer overflow CWE-121 - CVE-2022-36293 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc reported these vulnerabilities to IP...

Adobe Acrobat 2017 Security Update (APSB22-32) - Mac OS X

Adobe Acrobat Reader is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:acrobat";...

Agile Point SQL注入漏洞

Agile Point is Agile Point's solution for automating business processes and workflows and building custom applications, portals and SaaS solutions. Agile Point suffers from a SQL injection vulnerability. The vulnerability stems from the lack of validation of the EncodedData parameter in the...