‼ CVE-2022-30736 ‼
via "National Vulnerability Database".
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission.
‼ CVE-2022-30730 ‼
via "National Vulnerability Database".
Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to access account list without authentication.
‼ CVE-2022-30731 ‼
via "National Vulnerability Database".
Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My Files application.
‼ CVE-2022-2022 ‼
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7.
‼ CVE-2022-31470 ‼
via "National Vulnerability Database".
An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary JavaScript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.
‼ CVE-2022-29620 ‼
via "National Vulnerability Database".
** DISPUTED ** FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via a memory dump. NOTE: the vendor does not consider this a vulnerability.
‼ CVE-2022-30466 ‼
via "National Vulnerability Database".
joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authentication Bypass by Capture-replay.
‼ CVE-2021-35531 ‼
via "National Vulnerability Database".
Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.
‼ CVE-2021-35530 ‼
via "National Vulnerability Database".
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0 2.1.0; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.
‼ CVE-2021-35532 ‼
via "National Vulnerability Database".
A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.
🕴 An Emerging Threat: Attacking 5G Via Network Slices 🕴
via "Dark Reading".
A successful attack against 5G networks could disrupt critical infrastructure, manipulate sensor data, or even cause physical harm to humans.
🕴 Now Is the Time to Plan for Post-Quantum Cryptography 🕴
via "Dark Reading".
Panelists from an RSA Conference keynote agreed that organizations need to begin work on PQC migration, if they haven't already.
‼ CVE-2022-24065 ‼
via "National Vulnerability Database".
The package cookiecutter before 2.1.1 is vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be used to perform a command injection.
‼ CVE-2020-36543 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in SialWeb CMS. This affects an unknown part of the file /about.php. The manipulation of the argument Id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
‼ CVE-2022-1690 ‼
via "National Vulnerability Database".
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection.
‼ CVE-2022-1673 ‼
via "National Vulnerability Database".
The WooCommerce Green Wallet Gateway WordPress plugin before 1.0.2 does not escape the error_envision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting vulnerability.
‼ CVE-2022-1647 ‼
via "National Vulnerability Database".
The FormCraft WordPress plugin before 1.2.6 does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
‼ CVE-2022-1598 ‼
via "National Vulnerability Database".
The WPQA Builder WordPress plugin before 5.4, which is a companion to the Discy and Himer, lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site.
‼ CVE-2022-0788 ‼
via "National Vulnerability Database".
The WP Fundraising Donation and Crowdfunding Platform WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via one of its REST routes, leading to an SQL injection exploitable by unauthenticated users.
‼ CVE-2022-1569 ‼
via "National Vulnerability Database".
The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed.
‼ CVE-2022-1597 ‼
via "National Vulnerability Database".
The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer, does not sanitise and escape a parameter on its reset password form, which makes it possible to perform Reflected Cross-Site Scripting attacks.