319 matches found
CVE-2022-4051
| creationtimestamp | type | source |
|---|---|---|
| 2022-11-17 20:17:48+00:00 | seen | https://t.me/cibsecurity/53071... |
PT-2022-34953 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.14 through v6.0.5
Description: The issue is related to a NULL pointer dereference in active selection access. This problem was introduced in version v5.14 and is fixed in Linux Kernel version v6.0.6. The actual impact...
PT-2022-22298 · WordPress · Wp Attachments
Name of the Vulnerable Software and Affected Versions: WP Attachments versions prior to 5.0.5
Description: The issue allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitized and escaped. The atta...
PT-2022-23627 · Intel · Intel Nuc 10 Performance Mini Pcs +1
Name of the Vulnerable Software and Affected Versions: Intel® NUC 10 Performance Kits and Intel® NUC 10 Performance Mini PCs versions prior to FNCML357.0053
Description: The issue is related to improper access control in BIOS firmware, which may allow a privileged user to enable escalation of...
PT-2022-25430 · Gvectors Team · Wpforo Forum
Name of the Vulnerable Software and Affected Versions: gVectors Team wpForo Forum plugin versions = 2.0.5
Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that can lead to topic deletion. This occurs in the gVectors Team wpForo Forum plugin on WordPress.
Recommendations:...
Denial of Service (DoS)
Overview: Microsoft.AspNetCore.App.Runtime.linux-musl-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service (DoS) via excess memory...
CVE-2022-3053
| creationtimestamp | type | source |
|---|---|---|
| 2022-09-26 20:22:54+00:00 | seen | https://t.me/cibsecurity/50507... |
Hytec Inter HWL-2511-SS Command Injection Vulnerability
The Hytec Inter HWL-2511-SS is an industrial LTE router and Wi-Fi access point from Hytec Inter, Japan. A security vulnerability exists in the Hytec Inter HWL-2511-SS v1.05 and earlier, which stems from the component /www/cgi-bin/popen.cgi containing a command injection...
CVE-2022-38785
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2905. Reason: This candidate is a reservation duplicate of CVE-2022-2905. Notes: All CVE users should reference CVE-2022-2905 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental...
PT-2022-16124 · WordPress · Wp Social Chat
Name of the Vulnerable Software and Affected Versions: WP Social Chat WordPress plugin versions prior to 6.0.5
Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks due to the plugin not sanitizing and escaping some of its settings...
CVE-2022-37175
Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet...
CVE-2021-42052
| creationtimestamp | type | source |
|---|---|---|
| 2022-08-17 02:39:29+00:00 | seen | https://t.me/cibsecurity/48268... |
CVE-2022-2498
An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author...
CVE-2022-2459
An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enabled the setting to preven...
CVE-2022-2497
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration's access token by modifying the integration URL...
PT-2022-15918 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 15.0.5; GitLab CE/EE versions 15.1 prior to 15.1.4; GitLab CE/EE versions 15.2 prior to 15.2.1
Description: An issue has been discovered that may allow access to a private project through an email invite by using...
GitLab CE/EE Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A security vulnerability exists in GitLab CE/EE that stems from allowing projec...
CVE-2022-34092
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via svg2img.php...
i3geo Cross-Site Scripting Vulnerability
i3geo is a saladesituacao open source application for developing interactive web maps. A security vulnerability exists in Portal do Software Publico Brasileiro i3geo version v7.0.5, which originates from the presence of XSS in accesstoken.php...
i3geo Cross-Site Scripting Vulnerability
i3geo is a saladesituacao open source application for developing interactive web maps. A security vulnerability exists in Portal do Software Publico Brasileiro i3geo version v7.0.5, which originates from a security issue in the svg2img.php file...