CVE-2022-1711

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5.

Source: CVE-2022-1711

CVE-2021-42643

cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script file is written to the website server, and accessing this file can lead to a code execution vulnerability.

Source: CVE-2021-42643

CVE-2021-42644

cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the configuration file information of the website such as the database configuration file (config / config_database) can be read through this vulnerability.

Source: CVE-2021-42644

CVE-2021-42943

Stored cross-site scripting (XSS) in admin/usermanager.php over IPPlan v4.92b allows remote attackers to inject arbitrary web script or HTML via the userid parameter.

Source: CVE-2021-42943

CVE-2022-1723

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6.

Source: CVE-2022-1723

CVE-2013-10001

A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used.

Source: CVE-2013-10001

CVE-2022-26650

In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. This can cause an attacker pass in malicious regular expressions and characters causing a resource exhaustion. This issue affects Apache ShenYu (incubating) 2.4.0, 2.4.1 and 2.4.2 and is fixed in 2.4.3.

Source: CVE-2022-26650

CVE-2022-1753

A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php which is responsible to handle group messages. The manipulation of the argument group_id allows posting messages in other groups. It is possible to launch the attack remotely but it might require authentication. A video explaining the attack has been disclosed to the public.

Source: CVE-2022-1753

CVE-2022-23670

A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.

Source: CVE-2022-23670

CVE-2022-1587

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.

Source: CVE-2022-1587