βΌ CVE-2022-36008 βΌ
π Read
via "National Vulnerability Database".
Frontier is Substrate's Ethereum compatibility layer. A security issue was discovered affecting parsing of the RPC result of the exit reason in case of EVM reversion. In release build, this would cause the exit reason being incorrectly parsed and returned by RPC. In debug build, this would cause an overflow panic. No action is needed unless you have a bridge node that needs to distinguish different reversion exit reasons and you used RPC for this. There are currently no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36030 βΌ
π Read
via "National Vulnerability Database".
Project-nexus is a general-purpose blog website framework. Affected versions are subject to SQL injection due to a lack of sensitization of user input. This issue has not yet been patched. Users are advised to restrict user input and to upgrade when a new release becomes available.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2909 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206845 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2921 βΌ
π Read
via "National Vulnerability Database".
This will lead to privilege escalation from AP officers account to the System Administrator account. and gain more functionality such as Create/Update Companies. Install/Update Languages. Install/Activate Extensions. Install/Activate Themes. Install/Activate Chart of Accounts. Software Upgrade.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30036 βΌ
π Read
via "National Vulnerability Database".
MA Lighting grandMA2 Light has a password of root for the root account. NOTE: The vendor's position is that the product was designed for isolated networks. Also, the successor product, grandMA3, is not affected by this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36198 βΌ
π Read
via "National Vulnerability Database".
Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail.phpπ Read
via "National Vulnerability Database".
βΌ CVE-2022-36251 βΌ
π Read
via "National Vulnerability Database".
Clinic's Patient Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via patients.php.π Read
via "National Vulnerability Database".
β Fake Reservation Links Prey on Weary Travelers β
π Read
via "Threat Post".
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.π Read
via "Threat Post".
Threat Post
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
βΌ CVE-2022-1340 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-2930 βΌ
π Read
via "National Vulnerability Database".
Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3.π Read
via "National Vulnerability Database".
π1
β Laptop denial-of-service via music: the 1980s R&B song with a CVE! β
π Read
via "Naked Security".
We haven't validated this vuln ourselves... but the source of the story is impeccable. (Impeccably dressed, at least.)π Read
via "Naked Security".
Naked Security
Laptop denial-of-service via music: the 1980s R&B song with a CVE!
We havenβt validated this vuln ourselvesβ¦ but the source of the story is impeccable. (Impeccably dressed, at least.)
βΌ CVE-2022-2312 βΌ
π Read
via "National Vulnerability Database".
The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site scriptingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-2594 βΌ
π Read
via "National Vulnerability Database".
The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnerability was introduced in the 5.0 rewrite and did not exist prior to that release.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3586 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, allowing access to all ports on these resources from any pod. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-2593 βΌ
π Read
via "National Vulnerability Database".
The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacksπ Read
via "National Vulnerability Database".
βΌ CVE-2021-24911 βΌ
π Read
via "National Vulnerability Database".
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter from the tp_translation AJAX action, leading to Stored Cross-Site Scripting, which will trigger in the admin dashboard of the plugin. The minimum role needed to perform such attack depends on the plugin "Who can translate ?" setting.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33900 βΌ
π Read
via "National Vulnerability Database".
PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2890 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2555 βΌ
π Read
via "National Vulnerability Database".
The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2392 βΌ
π Read
via "National Vulnerability Database".
The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35654 βΌ
π Read
via "National Vulnerability Database".
Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter.π Read
via "National Vulnerability Database".