CVE-2022-1064
SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1.
Source: CVE-2022-1064
[월:] 2022년 03월
CVE-2022-1040
CVE-2022-1040
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.
Source: CVE-2022-1040
CVE-2021-44751
CVE-2021-44751
A vulnerability affecting F-Secure SAFE browser before March 22, 2022 was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most modern Android OS, dialer application will require user interaction, however, some older Android OS may not need user interaction.
Source: CVE-2021-44751
CVE-2018-25032
CVE-2018-25032
zlib 1.2.11 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
Source: CVE-2018-25032
CVE-2022-22688
CVE-2022-22688
Improper neutralization of special elements used in a command (‘Command Injection’) vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
Source: CVE-2022-22688
CVE-2022-22687
CVE-2022-22687
Buffer copy without checking size of input (‘Classic Buffer Overflow’) vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
Source: CVE-2022-22687
CVE-2022-25576
CVE-2022-25576
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts.
Source: CVE-2022-25576
CVE-2022-25575
CVE-2022-25575
Multiple cross-site scripting (XSS) vulnerabilities in Parking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name, password, and verification code text boxes.
Source: CVE-2022-25575
CVE-2022-26249
CVE-2022-26249
Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack.
Source: CVE-2022-26249
CVE-2022-26272
CVE-2022-26272
A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php.
Source: CVE-2022-26272