1697 matches found
CVE-2022-34441
Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contains a Hard-coded Cryptographic Key vulnerability. An attacker with knowledge of the hard-coded sensitive information could potentially exploit this vulnerability to log in to the system and gain admin privileges...
Exploit for CVE-2022-10270
PoC exploit for CVE-2022-10270, a vulnerability in an unspecifie...
OpenStack Horizon Cross-Site Scripting Vulnerability
OpenStack Horizon is a Django-based project for OpenStack designed to provide complete OpenStack dashboards and an extensible framework for building new dashboards from reusable components. A cross-site scripting vulnerability exists in OpenStack Horizon. An attacker could exploit this...
PT-2022-6184 · Gnu · Gnu Core Utilities
Name of the Vulnerable Software and Affected Versions: GNU Core Utilities, affected versions not specified. Description: The issue is related to the distribution of resources without limits or regulation in the cp utility of the GNU Core Utilities package in the EMIAS OS operating system...
CVE-2022-38472
An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird 102.2,...
CVE-2022-26486
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, Thunderbird 91.6.2, and Focus...
CVE-2022-26485
Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, Thunderbird 91.6.2, and Focus 97.3.0. Recent...
JetWidgets For Elementor < 1.0.14 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks jw-posts showimage='yes'...
Multiple Blind SQL Injection Vulnerabilities in Reports
Description: SQL injection typically allows an attacker to extract the entire database from the vulnerable website, including user information, encrypted passwords, and business data. This can subsequently lead to mass compromise of user accounts, data being encrypted and held to ransom, or stolen...
CVE-2022-4252 SourceCodester Canteen Management System categories.php builtin_echo cross site scripting
A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function builtin_echo of the file categories.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...
CVE-2022-44555
The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability may cause services to be unavailable...
CVE-2022-27586
Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version = 2.0.0 as soon as possible available in SICK Support Portal...
CVE-2022-26870
Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit...
CVE-2022-3275
Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise...
CVE-2022-35155
creationtimestamp | type | source
---|---|---
2022-09-30 22:36:26+00:00 | seen | https://t.me/cibsecurity/50798
2023-03-25 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/51054
2025-11-13 21:02:36+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3m5k2tmltm62a...
The vulnerability of the Microsoft Exchange Server mail server, related to errors in code generation, allows a hacker to execute arbitrary code.
The vulnerability of Microsoft Exchange Server is related to errors in code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
TP-Link Tapo c200 1.1.15 - Remote Code Execution Exploit
Exploit Title: TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE)
Exploit Author: hacefresko
Vendor Homepage: https://www.tp-link.com/en/home-networking/cloud-camera/tapo-c200/
Version: 1.1.15 and below
Tested on: 1.1.11, 1.1.14 and 1.1.15
CVE: CVE-2021-4045
Write up of the vulnerability:...
CVE-2022-3142
creationtimestamp | type | source
---|---|---
2022-09-19 18:38:07+00:00 | seen | https://t.me/cibsecurity/50038
2023-03-25 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/51042...
PT-2022-20040 · Cms8000 · Cms8000
Name of the Vulnerable Software and Affected Versions: CMS8000, affected versions not specified. Description: The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard...
Dell PowerScale OneFS Information Disclosure Vulnerability
Dell PowerScale OneFS is an operating system from Dell USA. Dell PowerScale OneFS suffers from an information disclosure vulnerability that originates from the insertion of sensitive information in log files. An attacker could exploit this vulnerability to obtain sensitive data...