CVE-2022-26254
WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names.
Source: CVE-2022-26254
[월:] 2022년 03월
CVE-2022-26252
CVE-2022-26252
aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user private SSH key(id_rsa).
Source: CVE-2022-26252
CVE-2022-26245
CVE-2022-26245
Falcon-plus v0.3 was discovered to contain a SQL injection vulnerability via the parameter grpName in /config/service/host.go.
Source: CVE-2022-26245
CVE-2022-1106
CVE-2022-1106
use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2.
Source: CVE-2022-1106
CVE-2022-27948
CVE-2022-27948
Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF signal containing a fixed sequence of approximately one hundred symbols.
Source: CVE-2022-27948
CVE-2022-26205
CVE-2022-26205
Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE) vulnerability via the Display text fields. This vulnerability allows attackers to execute arbitrary code via injection of a crafted payload.
Source: CVE-2022-26205
CVE-2022-26200
CVE-2022-26200
Technitium Installer v4.4 was discovered to allow attackers to execute arbitrary code or escalate privileges via placing a crafted DLL in the same directory as the current installer.
Source: CVE-2022-26200
CVE-2022-26620
CVE-2022-26620
Akeo Consulting Rufus Executable 3.17.1846 and Rufus Portable Executable 3.17p were discovered to allow attackers to execute arbitrary code or escalate privileges via placing a crafted x86 DLL in the same directory as other executables.
Source: CVE-2022-26620
CVE-2022-26198
CVE-2022-26198
Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field.
Source: CVE-2022-26198
CVE-2022-27947
CVE-2022-27947
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameter.
Source: CVE-2022-27947