‼ CVE-2022-42743 ‼
📖 Read
via "National Vulnerability Database".
deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44628 ‼
📖 Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin <= 0.2.17 on WordPress.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44627 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 1.8.12 on WordPress allows attackers to create or delete sitemaps.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43063 ‼
📖 Read
via "National Vulnerability Database".
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Users.php?f=delete_client.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43574 ‼
📖 Read
via "National Vulnerability Database".
"IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679."📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43495 ‼
📖 Read
via "National Vulnerability Database".
OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardware_device_manager when joining a network. Network attakcers can send an abonormal packet when joining a network, cause a nullptr reference and device reboot.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41714 ‼
📖 Read
via "National Vulnerability Database".
fastest-json-copy version 1.0.1 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the '__proto__' property to be edited.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42746 ‼
📖 Read
via "National Vulnerability Database".
CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43062 ‼
📖 Read
via "National Vulnerability Database".
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_appointment.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42748 ‼
📖 Read
via "National Vulnerability Database".
CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42749 ‼
📖 Read
via "National Vulnerability Database".
CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43449 ‼
📖 Read
via "National Vulnerability Database".
OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43451 ‼
📖 Read
via "National Vulnerability Database".
OpenHarmony-v3.1.2 and prior versions had an Multiple path traversal vulnerability in appspawn and nwebspawn services. Local attackers can create arbitrary directories or escape application sandbox.If chained with other vulnerabilities it would allow an unprivileged process to gain full root privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41666 ‼
📖 Read
via "National Vulnerability Database".
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44724 ‼
📖 Read
via "National Vulnerability Database".
The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Data Center 3.x before 3.5.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability.📖 Read
via "National Vulnerability Database".
👍1
🗓️ Boffins rekindle one-time program cryptographic concept 🗓️
📖 Read
via "The Daily Swig".
Authentication idea advanced but not yet fulfilled📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Boffins rekindle one-time program cryptographic concept
Authentication idea advanced but not yet fulfilled
‼ CVE-2022-3340 ‼
📖 Read
via "National Vulnerability Database".
XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41575 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn. Further investigation showed that it was not a vulnerability. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41574 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn. Further investigation showed that it was not a vulnerability. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41576 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn. Further investigation showed that it was not a vulnerability. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41668 ‼
📖 Read
via "National Vulnerability Database".
A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).📖 Read
via "National Vulnerability Database".