βΌ CVE-2021-41921 βΌ
π Read
via "National Vulnerability Database".
novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24935 βΌ
π Read
via "National Vulnerability Database".
Lexmark products through 2022-02-10 have Incorrect Access Control.π Read
via "National Vulnerability Database".
π΄ Explainable AI for Fraud Prevention π΄
π Read
via "Dark Reading".
As the use of AI- and ML-driven decision-making draws transparency concerns, the need increases for explainability, especially when machine learning models appear in high-risk environments.π Read
via "Dark Reading".
Dark Reading
Explainable AI for Fraud Prevention
As the use of AI- and ML-driven decision-making draws transparency concerns, the need increases for explainability, especially when machine learning models appear in high-risk environments.
βΌ CVE-2021-43930 βΌ
π Read
via "National Vulnerability Database".
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28101 βΌ
π Read
via "National Vulnerability Database".
Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing attackers to execute HTML injection.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22782 βΌ
π Read
via "National Vulnerability Database".
The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the userΓ’β¬β’s host machine.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43932 βΌ
π Read
via "National Vulnerability Database".
Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can executed upon accessing the dashboard or the main page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24879 βΌ
π Read
via "National Vulnerability Database".
Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 are vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22781 βΌ
π Read
via "National Vulnerability Database".
The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor updating an unsuspecting userΓ’β¬β’s currently installed version to a less secure version.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43934 βΌ
π Read
via "National Vulnerability Database".
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate upload requests, enabling a malicious user to potentially upload arbitrary files.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41945 βΌ
π Read
via "National Vulnerability Database".
Encode OSS <=1.0.0.beta0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43939 βΌ
π Read
via "National Vulnerability Database".
Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level administration authorization by issuing requests directly to the desired endpoints.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24873 βΌ
π Read
via "National Vulnerability Database".
Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22783 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28102 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28114 βΌ
π Read
via "National Vulnerability Database".
DSCMS v3.0 was discovered to contain an arbitrary file deletion vulnerability via /controller/Adv.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1511 βΌ
π Read
via "National Vulnerability Database".
Improper Access Control in GitHub repository snipe/snipe-it prior to 5.4.4.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24892 βΌ
π Read
via "National Vulnerability Database".
Shopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an attacker to take over the victim's account if they somehow gain access to the victims email account and find an unused password reset token in the emails. This issue is fixed in version 5.7.9.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28117 βΌ
π Read
via "National Vulnerability Database".
A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22443 βΌ
π Read
via "National Vulnerability Database".
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224440.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29411 βΌ
π Read
via "National Vulnerability Database".
SQL Injection (SQLi) vulnerability in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id).π Read
via "National Vulnerability Database".