CVE-2022-30323
HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 3 of 3).
Source: CVE-2022-30323
CVE-2021-44974
radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser.
Source: CVE-2021-44974
CVE-2022-21951
A Missing Encryption of Sensitive Data vulnerability in SUSE Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden. This issue affects SUSE Rancher: Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5.
Source: CVE-2022-21951
CVE-2022-1883
SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0.
Source: CVE-2022-1883
CVE-2022-1815
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2.
Source: CVE-2022-1815
CVE-2022-29405
In Apache Archiva, any registered user can reset the password of any user. This is fixed in Archiva 2.2.8.
Source: CVE-2022-29405
CVE-2022-29362
A cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentID parameter.
Source: CVE-2022-29362
CVE-2022-29710
A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin.
Source: CVE-2022-29710
CVE-2022-29361
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body.
Source: CVE-2022-29361
CVE-2022-29359
A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/application_form&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter.
Source: CVE-2022-29359