Lucene search

1382 matches found

OSV · added 2022/03/25 7:15 p.m. · 3 views

CVE-2021-3422

The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerability impacts Splunk Enterprise versions before 7.3.9, 8.0 versions before 8.0.9, and 8.1 version...

CVSS 7.5 · AI score 7.1 · EPSS 0.00577
Exploits 0 · References 2

CNNVD · added 2022/03/22 12:0 a.m. · 3 views

Delta Electronics DIAEnergie SQL injection vulnerability

Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. Delta Electronics...

CVSS 10 · AI score 6.1 · EPSS 0.01172
Exploits 0 · References 5

CNNVD · added 2022/03/16 12:0 a.m. · 2 views

ArchivistaBox webclient cross-site scripting vulnerability

ArchivistaBox webclient is a personal file management system from the Swiss company Archivista. A cross-site scripting vulnerability exists in versions of ArchivistaBox webclient prior to 2022/I, which stems from the program's lack of data validation filtering of user-supplied data and output. An...

CVSS 6.1 · AI score 5.6 · EPSS 0.00657
Exploits 1 · References 3

Positive Technologies · added 2022/03/15 12:0 a.m. · 3 views

PT-2022-3854 · Totolink · Totolink A3100R +5

Name of the Vulnerable Software and Affected Versions: TOTOLINK A800R version 4.1.2cu.5137 B20200730; TOTOLINK A810R version 4.1.2cu.5182 B20201026; TOTOLINK A830R version 5.9c.4729 B20191112; TOTOLINK A3000RU version 5.9c.5185 B20201128; TOTOLINK A3100R version 4.1.2cu.5050 B20200504; TOTOLINK A950RG...

CVSS 9.8 · AI score 10 · EPSS 0.05748
Exploits 1 · References 11

OSV · added 2022/03/14 3:15 p.m. · 2 views

CVE-2021-24950

The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in the insightcustomizeroptionsimport available to any authenticated user, does not validate user input before passing it to unserialize, nor sanitise and escape it before outputting it in the response. ...

CVSS 5.4 · AI score 5.8 · EPSS 0.00516
Exploits 2 · References 1

CNNVD · added 2022/03/14 12:0 a.m. · 4 views

vditor cross-site scripting vulnerability

vditor is a browser-based Markdown editor that supports WYSIWYG, on-the-fly rendering similar to Typora, and split-screen preview modes. vditor versions prior to 3.8.12 are vulnerable to a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of...

CVSS 6.6 · AI score 5.6 · EPSS 0.00464
Exploits 1 · References 3

OSV · added 2022/03/10 5:44 p.m. · 3 views

CVE-2021-42857

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's DSA AgentDaServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/da/pcf" API. The affected endpoint does not have any validation of the user's input that allows a malicious payload to be...

CVSS 5.3 · AI score 6.1 · EPSS 0.01105
Exploits 0 · References 1

CNNVD · added 2022/03/10 12:0 a.m. · 2 views

Aternity SteelCentral AppInternals path traversal vulnerability

Aternity SteelCentral AppInternals is a monitoring modern automation solution from Aternity, Inc. A directory traversal vulnerability exists in Aternity SteelCentral AppInternals, which stems from /api/appInternals/1.0/agent/da/pcf that does not perform any validation of user input that allows...

CVSS 5.3 · AI score 5.8 · EPSS 0.01105
Exploits 0 · References 2

CNNVD · added 2022/03/10 12:0 a.m. · 4 views

Tensent SentCMS code issue vulnerability

Tensent SentCMS is an easy-to-use website management system from Tensent, China. A security vulnerability exists in Tensent SentCMS version 4.0.x. The vulnerability stems from a lack of validation of uploaded files in the file upload interface of the /user/upload/upload php code in the software...

CVSS 9.8 · AI score 8.4 · EPSS 0.02486
Exploits 1 · References 2

CNNVD · added 2022/02/24 12:0 a.m. · 2 views

Sourcecodester Hospital Patient Records Management System SQL injection vulnerability

Sourcecodester Hospital Patient Records Management System is a web-based application that provides an automated platform for hospitals to store and manage their patient records. Sourcecodester Hospital Patient Record Management System v1.0 is vulnerable to SQL injection. The vulnerability is caus...

CVSS 9.8 · AI score 6 · EPSS 0.01613
Exploits 2 · References 5

RedHat Linux · added 2022/02/22 3:59 p.m. · 4 views

rpm: RPM does not require subkeys to have a valid binding signature

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey t...

CVSS 4.7 · AI score 7.1 · EPSS 0.00302
Exploits 0 · References 4

OSV · added 2022/02/18 8:15 p.m. · 2 views

CVE-2022-24366

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8 · AI score 6.2 · EPSS 0.02382
Exploits 0 · References 2

ATTACKERKB · added 2022/02/18 8:15 p.m. · 4 views

CVE-2022-24359

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8 · AI score 7.5 · EPSS 0.02382
Exploits 0 · References 3 · Affected Software 1

OSV · added 2022/02/18 8:15 p.m. · 1 views

CVE-2021-46633

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVSS 7.8 · AI score 6.2 · EPSS 0.01878
Exploits 0 · References 2

OSV · added 2022/02/18 8:15 p.m. · 2 views

CVE-2021-46625

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

CVSS 7.8 · AI score 6.2 · EPSS 0.01814
Exploits 0 · References 2

OSV · added 2022/02/18 8:15 p.m. · 0 views

CVE-2021-46613

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVSS 7.8 · AI score 6.2 · EPSS 0.01878
Exploits 0 · References 2

ATTACKERKB · added 2022/02/18 8:15 p.m. · 4 views

CVE-2021-46573

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVSS 7.8 · AI score 7.6 · EPSS 0.01911
Exploits 0 · References 3 · Affected Software 1

OSV · added 2022/02/16 1:15 a.m. · 6 views

AZL-43681 CVE-2022-25235 affecting package ogdi 4.1.0-9

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context...

CVSS 9.8 · AI score 6.9 · EPSS 0.04915
Exploits 0 · References 1

CNNVD · added 2022/02/15 12:0 a.m. · 1 views

Wiki Scratch -confirmaccount-v3 cross-site request forgery vulnerability

Wiki Scratch -confirmaccount-v3 is a software application. Wiki Scratch -confirmaccount-v3 suffers from a cross-site request forgery vulnerability that stems from the software's lack of validation for cross-site request forgery tokens. An attacker could use this vulnerability to modify an account...

CVSS 6.5 · AI score 6.4 · EPSS 0.00476
Exploits 0 · References 3

OSV · added 2022/02/14 12:15 p.m. · 2 views

CVE-2022-0214

The Custom Popup Builder WordPress plugin before 1.3.1 autoloads data from its popup on every page; as such data can be sent by unauthenticated users and is not validated in length, this could cause a denial of service on the blog...

CVSS 7.5 · AI score 5.8
Exploits 0 · References 1