CVE-2021-31805
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{…} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.
Source: CVE-2021-31805
CVE-2022-27164
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers
Source: CVE-2022-27164
CVE-2021-42255
BeyondTrust AppGuard Enterprise through 6.6.20.2 creates a Temporary File in a Directory with Insecure Permissions.
Source: CVE-2021-42255
CVE-2022-27161
Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers
Source: CVE-2022-27161
CVE-2022-27162
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser
Source: CVE-2022-27162
CVE-2022-27165
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus
Source: CVE-2022-27165
CVE-2022-27163
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser
Source: CVE-2022-27163
CVE-2021-32040
It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS attack. This vulnerability affects MongoDB versions prior to 5.0.4, 4.4.11, 4.2.16.
Source: CVE-2021-32040
CVE-2022-0140
The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint.
Source: CVE-2022-0140
CVE-2022-0142
The Visual Form Builder WordPress plugin before 3.0.6 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
Source: CVE-2022-0142