CVE-2022-25598

Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.

Source: CVE-2022-25598

CVE-2022-1172

Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV.

Source: CVE-2022-1172

CVE-2022-28209

An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect.

Source: CVE-2022-28209

CVE-2022-28206

An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights.

Source: CVE-2022-28206

CVE-2022-1163

Cross-site Scripting (XSS) – Stored in GitHub repository mineweb/minewebcms prior to next.

Source: CVE-2022-1163

CVE-2022-28205

An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future.

Source: CVE-2022-28205

CVE-2022-28202

An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete.

Source: CVE-2022-28202

CVE-2022-27816

SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service.

Source: CVE-2022-27816

CVE-2022-24693

Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)

Source: CVE-2022-24693

CVE-2020-24771

Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content.

Source: CVE-2020-24771