‼ CVE-2022-0176 ‼
📖 Read
via "National Vulnerability Database".
The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0302 ‼
📖 Read
via "National Vulnerability Database".
Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0311 ‼
📖 Read
via "National Vulnerability Database".
Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0310 ‼
📖 Read
via "National Vulnerability Database".
Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0208 ‼
📖 Read
via "National Vulnerability Database".
The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise and escape the mapid parameter before outputting it back in the "Bad mapid" error message, leading to a Reflected Cross-Site Scripting📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25109 ‼
📖 Read
via "National Vulnerability Database".
The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL Injection vulnerability that could be used by high privilege users to extract data from the database as well as used to perform Cross-Site Scripting (XSS) against logged in admins by making send open a malicious link.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24977 ‼
📖 Read
via "National Vulnerability Database".
ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHP_SESSION_UPLOAD_PROGRESS when the PHP installation supports upload_progress.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0304 ‼
📖 Read
via "National Vulnerability Database".
Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24446 ‼
📖 Read
via "National Vulnerability Database".
The Remove Footer Credit WordPress plugin before 1.0.6 does not have CSRF check in place when saving its settings, which could allow attacker to make logged in admins change them and lead to Stored XSS issue as well due to the lack of sanitisation📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0206 ‼
📖 Read
via "National Vulnerability Database".
The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0570 ‼
📖 Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in Homebrew mruby prior to 3.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25115 ‼
📖 Read
via "National Vulnerability Database".
The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable to Stored Cross-Site Scripting (XSS). Error log content was handled improperly, therefore any user, even unauthenticated, could cause arbitrary javascript to be executed in the admin panel.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0571 ‼
📖 Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24976 ‼
📖 Read
via "National Vulnerability Database".
Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0295 ‼
📖 Read
via "National Vulnerability Database".
Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25033 ‼
📖 Read
via "National Vulnerability Database".
The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0301 ‼
📖 Read
via "National Vulnerability Database".
Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24874 ‼
📖 Read
via "National Vulnerability Database".
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.31 does not escape the lang and pid parameter before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0305 ‼
📖 Read
via "National Vulnerability Database".
Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25050 ‼
📖 Read
via "National Vulnerability Database".
The Remove Footer Credit WordPress plugin before 1.0.11 does properly sanitise its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0569 ‼
📖 Read
via "National Vulnerability Database".
Exposure of Sensitive Information to an Unauthorized Actor in Packagist snipe/snipe-it prior to v5.3.9.📖 Read
via "National Vulnerability Database".