CVE-2021-42585
A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.
Source: CVE-2021-42585
[월:] 2022년 05월
CVE-2022-1825
CVE-2022-1825
Cross-site Scripting (XSS) – Reflected in GitHub repository collectiveaccess/providence prior to 1.8.
Source: CVE-2022-1825
CVE-2022-28874
CVE-2022-28874
Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.
Source: CVE-2022-28874
CVE-2022-1268
CVE-2022-1268
The Donate Extra WordPress plugin through 2.02 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected cross-Site Scripting
Source: CVE-2022-1268
CVE-2022-1320
CVE-2022-1320
The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Source: CVE-2022-1320
CVE-2022-1298
CVE-2022-1298
The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Source: CVE-2022-1298
CVE-2022-1558
CVE-2022-1558
The Curtain WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed
Source: CVE-2022-1558
CVE-2022-1547
CVE-2022-1547
The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
Source: CVE-2022-1547
CVE-2022-0781
CVE-2022-0781
The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL injection
Source: CVE-2022-0781
CVE-2022-0346
CVE-2022-0346
The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on.
Source: CVE-2022-0346