2754 matches found

Positive Technologies
added 2022/12/19 12:00 a.m.

PT-2022-27734 · Unknown · Usememos/Memos

Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.0 Description: The issue is related to stored Cross-site Scripting XSS in the usememos/memos GitHub repository. This allows for malicious scripts to be stored and executed on the platform. A patch is...

CVSS 7.6 · AI score 5.7 · EPSS 0.00704
Exploits 1 · References 9
OSV
added 2022/12/18 3:15 p.m.

CVE-2020-36617

A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftp_parse_path of the file parse.c. The manipulation leads to uninitialized pointer. The real existence of this vulnerability is still doubted at the moment. The name...

CVSS 9.8 · AI score 6.8
Exploits 0 · References 2
Vulnrichment
added 2022/12/18 12:00 a.m.

CVE-2022-4595 django-openipam exposed_hosts.html cross site scripting

A vulnerability classified as problematic has been found in django-openipam. This affects an unknown part of the file openipam/report/templates/report/exposed_hosts.html. The manipulation of the argument description leads to cross site scripting. It is possible to initiate the attack remotely. The...

CVSS 3.5 · AI score 4.2 · EPSS 0.00502
Exploits 0 · References 3
Positive Technologies
added 2022/12/18 12:00 a.m.

PT-2022-27716 · Shoplazza · Shoplazza Lifestyle

Name of the Vulnerable Software and Affected Versions: Shoplazza LifeStyle version 1.1 Description: A vulnerability was found in the component Shipping/Member Discount/Icon, affecting unknown code of the file /admin/api/theme-edit/. The manipulation leads to cross site scripting. The attack can b...

CVSS 5.4 · AI score 5.2 · EPSS 0.00503
Exploits 0 · References 6
Vulnrichment
added 2022/12/17 12:00 a.m.

CVE-2022-4586 Opencaching Deutschland oc-server3 Cachelist cachelists.tpl cross site scripting

A vulnerability classified as problematic was found in Opencaching Deutschland oc-server3. This vulnerability affects unknown code of the file htdocs/templates2/ocstyle/cachelists.tpl of the component Cachelist Handler. The manipulation of the argument namefilter/byfilter leads to cross site...

CVSS 3.5 · AI score 6.7 · EPSS 0.00502
Exploits 0 · References 3
Vulnrichment
added 2022/12/16 5:37 p.m.

CVE-2022-41972 Contiki-NG contains NULL Pointer Dereference in BLE L2CAP module

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 contain a NULL Pointer Dereference in BLE L2CAP module. The Contiki-NG operating system for IoT devices contains a Bluetooth Low Energy stack. An attacker can inject a packet in th...

CVSS 2.9 · AI score 6.5 · EPSS 0.00205
Exploits 0 · References 2
Vulnrichment
added 2022/12/16 12:00 a.m.

CVE-2022-4558 Alinto SOGo Folder/Mail NSString+Utilities.m cross site scripting

A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file SoObjects/SOGo/NSString+Utilities.m of the component Folder/Mail Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack...

CVSS 3.5 · AI score 6.5 · EPSS 0.00559
Exploits 0 · References 3
Vulnrichment
added 2022/12/16 12:00 a.m.

CVE-2022-4566 y_project RuoYi GenController sql injection

A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. This issue affects some unknown processing of the file com/ruoyi/generator/controller/GenController. The manipulation leads to sql injection. The name of the patch is 167970e5c4da7bb46217f576dc50622b83f32b4...

CVSS 5.5 · AI score 7.8 · EPSS 0.00818
Exploits 1 · References 4
OSV
added 2022/12/14 2:15 p.m.

UBUNTU-CVE-2022-23515

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1...

CVSS 6.1 · AI score 6.6 · EPSS 0.00792
Exploits 0 · References 5
Prion
added 2022/12/14 8:15 a.m.

Information disclosure

TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers coul...

CVSS 3.3 · AI score 5.3 · EPSS 0.00514
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2022/12/14 12:00 a.m.

PT-2022-27320 · D Link · D-Link Dir-3040

Name of the Vulnerable Software and Affected Versions: D-Link DIR-3040 version 120B03 Description: A command injection issue was discovered in the D-Link DIR-3040 device. The vulnerability is related to the SetTriggerLEDBlink function, which allows for command injection. Recommendations: For D-Li...

CVSS 9.8 · AI score 9.8 · EPSS 0.03945
Exploits 1 · References 5
Vulnrichment
added 2022/12/13 12:00 a.m.

CVE-2022-4455 sproctor php-calendar index.php cross site scripting

A vulnerability was identified in sproctor php-calendar up to 2.0.13. This impacts an unknown function of the file index.php. Such manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be launched remotely. The name of the patch is...

CVSS 5.1 · AI score 3.5 · EPSS 0.00571
Exploits 0 · References 3
Vulnrichment
added 2022/12/13 12:00 a.m.

CVE-2022-4456 falling-fruit cross site scripting

A vulnerability has been found in falling-fruit and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 15adb8e1ea1f1c3e3d152fc266071f621ef0c621. It is recommended to app...

CVSS 3.5 · AI score 6.5 · EPSS 0.00365
Exploits 0 · References 2
Positive Technologies
added 2022/12/12 12:00 a.m.

PT-2022-27447 · Dragino · Dragino Lora Lg01

Name of the Vulnerable Software and Affected Versions: Dragino Lora LG01 18ed40 IoT version 4.3.4 Description: A Cross-Site Request Forgery issue was discovered in the logout page of the affected software. Recommendations: For Dragino Lora LG01 18ed40 IoT version 4.3.4, consider disabling the...

CVSS 3.5 · AI score 4 · EPSS 0.0022
Exploits 1 · References 4
Positive Technologies
added 2022/12/08 12:00 a.m.

PT-2022-27546 · Tenda · Tenda W6-S

Name of the Vulnerable Software and Affected Versions: Tenda W6-S version 1.0.0.4510 Description: The issue affects the component tpi systool handle0 and is related to the API endpoint /goform/SysToolRestoreSet. This allows unauthenticated attackers to arbitrarily reboot the device...

CVSS 7.5 · AI score 7.5 · EPSS 0.1827
Exploits 1 · References 2
Positive Technologies
added 2022/12/08 12:00 a.m.

PT-2022-36432 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.225 Description: The issue is related to memory leaks in the napi_get_frags function. It was introduced in version v4.15 and fixed in version v5.4.225. The actual impact and attack plausibility have not yet...

AI score 7.2
Exploits 0 · References 1
Vulnrichment
added 2022/12/05 8:52 p.m.

CVE-2022-46164 Account takeover via prototype vulnerability

NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling a specially crafted payload can be used to impersonate other users and takeover accounts. This vulnerability has been patched in version 2.6.1. Users are advised ...

CVSS 9.4 · AI score 9.3 · EPSS 0.48994
Exploits 0 · References 2
Vulnrichment
added 2022/12/05 8:48 p.m.

CVE-2022-46169 Unauthenticated Command Injection

Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data...

CVSS 9.8 · AI score 8.4 · EPSS 0.99826
Exploits 48 · References 4
Positive Technologies
added 2022/11/29 12:00 a.m.

PT-2022-27191 · Unknown · Solarview Compact

Name of the Vulnerable Software and Affected Versions: SolarView Compact version 7.0 Description: The issue is related to Cross-site Scripting XSS via the "/network_test.php" API endpoint. This allows for potential malicious script injection and execution. No information is provided about the...

CVSS 6.1 · AI score 6.2 · EPSS 0.01644
Exploits 1 · References 5
Cvelist
added 2022/11/28 12:00 a.m.

CVE-2022-45442 Sinatra vulnerable to Reflected File Download attack

Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download RFD attack that sets the Content-Disposition header of a response when the filename is...

CVSS 8.8 · AI score 8.7 · EPSS 0.00642
Exploits 1 · References 5