🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-40191 ‼

Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Ali Khallad's Contact Form By Mega Forms plugin <= 1.2.4 at WordPress.

via "National Vulnerability Database".
‼ CVE-2022-38058 ‼

Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress.

via "National Vulnerability Database".
‼ CVE-2022-36842 ‼

A heap-based overflow vulnerability in prepareRecogLibrary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

via "National Vulnerability Database".
‼ CVE-2022-36855 ‼

A use after free vulnerability in iva_ctl driver prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

via "National Vulnerability Database".
‼ CVE-2022-26393 ‼

The Baxter Spectrum WBM is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information or cause a Denial of Service (DoS) on the WBM.

via "National Vulnerability Database".
‼ CVE-2022-38280 ‼

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list.

via "National Vulnerability Database".
‼ CVE-2022-36843 ‼

A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

via "National Vulnerability Database".
‼ CVE-2022-37299 ‼

An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php

via "National Vulnerability Database".
‼ CVE-2022-38700 ‼

OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service.

via "National Vulnerability Database".
‼ CVE-2022-38281 ‼

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list.

via "National Vulnerability Database".
‼ CVE-2022-39845 ‼

Improper validation of integrity check vulnerability in Samsung Kies prior to version 2.6.4.22074 allows local attackers to delete arbitrary directory using directory junction.

via "National Vulnerability Database".
‼ CVE-2022-37412 ‼

Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Galerio & Urda's Better Delete Revision plugin <= 1.6.1 at WordPress.

via "National Vulnerability Database".
‼ CVE-2022-2905 ‼

An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.

via "National Vulnerability Database".
‼ CVE-2022-36849 ‼

Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions.

via "National Vulnerability Database".
‼ CVE-2022-37335 ‼

Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in WHA's Word Search Puzzles game plugin <= 2.0.1 at WordPress.

via "National Vulnerability Database".
‼ CVE-2022-2526 ‼

A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.

via "National Vulnerability Database".
‼ CVE-2022-36875 ‼

Improper restriction of broadcasting Intent in SaWebViewRelayActivity of Waterplugin prior to version 2.2.11.22081151 allows attacker to access the file without permission.

via "National Vulnerability Database".
‼ CVE-2022-36870 ‼

Pending Intent hijacking vulnerability in MTransferNotificationManager in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.

via "National Vulnerability Database".
‼ CVE-2022-38064 ‼

OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Local attackers can bypass permission control and get sensitive information.

via "National Vulnerability Database".
‼ CVE-2022-38701 ‼

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

via "National Vulnerability Database".
‼ CVE-2022-36376 ‼

Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress.

via "National Vulnerability Database".