CVE-2021-44142

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "…enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.

Source: CVE-2021-44142

CVE-2022-0692

Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1.

Source: CVE-2022-0692

CVE-2021-45008

Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege Escalation from user to admin rights.

Source: CVE-2021-45008

CVE-2022-24553

An issue was found in Zfaka <= 1.4.5. The verification of the background file upload function check is not strict, resulting in remote command execution.

Source: CVE-2022-24553

CVE-2022-0211

The Shield Security WordPress plugin before 13.0.6 does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.

Source: CVE-2022-0211

CVE-2022-0199

The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have CSRF check in its coming_soon_send_mail AJAX action, allowing attackers to make logged in admin to send arbitrary emails to all subscribed users via a CSRF attack

Source: CVE-2022-0199

CVE-2021-4208

The ExportFeed WordPress plugin through 2.0.1.0 does not sanitise and escape the product_id POST parameter before using it in a SQL statement, leading to a SQL injection vulnerability exploitable by high privilege users

Source: CVE-2021-4208

CVE-2022-0313

The Float menu WordPress plugin before 4.3.1 does not have CSRF check in place when deleting menu, which could allow attackers to make a logged in admin delete them via a CSRF attack

Source: CVE-2022-0313

CVE-2022-0186

The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.5.3 does not sanitise and escape the Description field when editing a gallery, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks against other users having access to the gallery dashboard

Source: CVE-2022-0186

CVE-2022-0134

The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack

Source: CVE-2022-0134