👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-21907
Github: https://github.com/Malwareman007/CVE-2022-21907
Describe:
HTTP Protocol Stack Remote Code Execution Vulnerability.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-0739
Github: https://github.com/destr4ct/CVE-2022-0739
Describe:
The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-30910
Github: https://github.com/arozx/CVE-2022-30910
Describe:
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the GO parameter at /goform/aspForm.

** xray ** 🔧Tool update
Tools name：xray
Tools url：https://github.com/chaitin/xray/commit/4f47fb13a2454590309eaf2279ba2c9a3b1150fe
commitUpdate log：
Fix Python3 Flask bug: ImportError: cannot import name 'escape' from 'jinja2' (/usr/local/lib/python3.9/dist-packages/jinja2/__init__.py) (#1680)

Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>

Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>
Co-authored-by: DroidKali <DroidKali@users.noreply.github.com>

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-42094
Github: https://github.com/bypazs/CVE-2022-42094
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-42096
Github: https://github.com/bypazs/CVE-2022-42096
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-42097
Github: https://github.com/bypazs/CVE-2022-42097
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-42098
Github: https://github.com/bypazs/CVE-2022-42098
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-22909
Github: https://github.com/0z09e/CVE-2022-22909
Describe:
HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40146
Github: https://github.com/cckuailong/CVE-2022-40146_Exploit_Jar
Describe:
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40470
Github: https://github.com/RashidKhanPathan/CVE-2022-40470
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3518
Github: https://github.com/lohith19/CVE-2022-3518
Describe:
A vulnerability classified as problematic has been found in SourceCodester Sanitization Management System 1.0. Affected is an unknown function of the component User Creation Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-211014 is the identifier assigned to this vulnerability.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3602
Github: https://github.com/colmmacc/CVE-2022-3602
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-42176
Github: https://github.com/soy-oreocato/CVE-2022-42176
Describe:
In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access.

** fscan ** 🔧Tool update
Tools name：fscan
Tools url：https://github.com/shadow1ng/fscan/commit/38e48ba4205196e042db8f832a7789b76ee61c5e
commitUpdate log：
Merge pull request #225 from evilAdan0s/main

去除弱特征：过时UA头

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31692
Github: https://github.com/SpindleSec/CVE-2022-31692
Describe:
Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint.The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true)

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-0185
Github: https://github.com/featherL/CVE-2022-0185-exploit
Describe:
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-33079
Github: https://github.com/Bdenneu/CVE-2022-33079
Describe:
**

👾KEYWORD SERVICE 🏷#cnvd
Name: fofa_cnvd
Github: https://github.com/nevermo0re/fofa_cnvd

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-41445
Github: https://github.com/RashidKhanPathan/CVE-2022-41445
Describe:
**

👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-41446
Github: https://github.com/RashidKhanPathan/CVE-2022-41446
Describe:
**