CVE-2021-41559
Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.
Source: CVE-2021-41559
[월:] 2022년 06월
CVE-2020-19897
CVE-2020-19897
A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter.
Source: CVE-2020-19897
CVE-2020-19896
CVE-2020-19896
File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php.
Source: CVE-2020-19896
CVE-2022-24444
CVE-2022-24444
Silverstripe silverstripe/framework through 4.10 allows Session Fixation.
Source: CVE-2022-24444
CVE-2022-25238
CVE-2022-25238
Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side contig is not set to true in project code.
Source: CVE-2022-25238
CVE-2022-31886
CVE-2022-31886
Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the user a malicious form.
Source: CVE-2022-31886
CVE-2022-31883
CVE-2022-31883
Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys.
Source: CVE-2022-31883
CVE-2022-31885
CVE-2022-31885
Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts.
Source: CVE-2022-31885
CVE-2021-3431
CVE-2021-3431
Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9
Source: CVE-2021-3431
CVE-2022-2231
CVE-2022-2231
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.,2.
Source: CVE-2022-2231