CVE-2022-1711
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5.
Source: CVE-2022-1711
CVE-2022-1711
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5.
Source: CVE-2022-1711
CVE-2021-42643
cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script file is written to the website server, and accessing this file can lead to a code execution vulnerability.
Source: CVE-2021-42643
CVE-2021-42644
cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the configuration file information of the website such as the database configuration file (config / config_database) can be read through this vulnerability.
Source: CVE-2021-42644
CVE-2021-42943
Stored cross-site scripting (XSS) in admin/usermanager.php over IPPlan v4.92b allows remote attackers to inject arbitrary web script or HTML via the userid parameter.
Source: CVE-2021-42943
CVE-2022-1723
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.
Source: CVE-2022-1723
CVE-2013-10001
A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used.
Source: CVE-2013-10001
CVE-2022-26650
In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. This can cause an attacker pass in malicious regular expressions and characters causing a resource exhaustion. This issue affects Apache ShenYu (incubating) 2.4.0, 2.4.1 and 2.4.2 and is fixed in 2.4.3.
Source: CVE-2022-26650
CVE-2022-1753
A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php which is responsible to handle group messages. The manipulation of the argument group_id allows posting messages in other groups. It is possible to launch the attack remotely but it might require authentication. A video explaining the attack has been disclosed to the public.
Source: CVE-2022-1753
CVE-2022-23670
A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
Source: CVE-2022-23670
CVE-2022-1587
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
Source: CVE-2022-1587