βΌ CVE-2017-2657 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-36124 βΌ
π Read
via "National Vulnerability Database".
It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2715 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Employee Management System and classified as critical. This vulnerability affects unknown code of the file eloginwel.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205834 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2722 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Simple Student Information System and classified as critical. This issue affects some unknown processing of the file manage_course.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205835.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2724 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Employee Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /process/aprocess.php. The manipulation of the argument mailuid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205837 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35724 βΌ
π Read
via "National Vulnerability Database".
It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36125 βΌ
π Read
via "National Vulnerability Database".
It is possible to crash (panic) an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25907 βΌ
π Read
via "National Vulnerability Database".
The package ts-deepmerge before 2.0.2 are vulnerable to Prototype Pollution due to missing sanitization of the merge function.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-2723 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Employee Management System. It has been classified as critical. Affected is an unknown function of the file /process/eprocess.php. The manipulation of the argument mailuid/pwd leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205836.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-2726 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SEMCMS. This affects an unknown part of the file Ant_Check.php. The manipulation of the argument DID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205839.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2725 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Company Website CMS. It has been rated as problematic. Affected by this issue is some unknown functionality of the file add-blog.php. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-205838 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2727 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Gym Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mygym/admin/login.php. The manipulation of the argument admin_email/admin_pass leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205855.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2728 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Gym Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file /mygym/admin/index.php. The manipulation of the argument edit_tran leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205856.π Read
via "National Vulnerability Database".
ποΈ Simple IDOR vulnerability in Reddit allowed mischief-makers to perform mod actions ποΈ
π Read
via "The Daily Swig".
Bug fixed within 24 hours and $5,000 bug bounty awardedπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Simple IDOR vulnerability in Reddit allowed mischief-makers to perform mod actions
Bug fixed within 24 hours and $5,000 bug bounty awarded
βΌ CVE-2022-2734 βΌ
π Read
via "National Vulnerability Database".
Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2732 βΌ
π Read
via "National Vulnerability Database".
Improper Privilege Management in GitHub repository openemr/openemr prior to 7.0.0.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2730 βΌ
π Read
via "National Vulnerability Database".
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2729 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2731 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2733 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.π Read
via "National Vulnerability Database".
β Slack admits to leaking hashed passwords for five years β
π Read
via "Naked Security".
"When those invitations went out... somehow, your password hash went out with them."π Read
via "Naked Security".
Naked Security
Slack admits to leaking hashed passwords for five years
βWhen those invitations went outβ¦ somehow, your password hash went out with them.β