An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete. Date...
Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF. Date published : 2022-03-30 https://sonatype.com https://support.sonatype.com/hc/en-us/articles/5011047953555
spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer....
Online Banking System Protect v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the pages parameter. Date published : 2022-03-30 http://online.com https://github.com/erik-451/CVE/blob/main/CVE-2022-26646/README.md
A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function. Date published : 2022-03-30 http://online.com...
Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via parameters on user profile, system_info and accounts management. Date published : 2022-03-30 http://online.com https://github.com/erik-451/CVE/tree/main/CVE-2022-26644
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause execute arbitrary codes on the vulnerable server. This...
Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in ping tool of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause run arbitrary code. This issue affects: Profelis IT Consultancy...
Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher. Date published : 2022-03-30 https://lists.apache.org/thread/hwnw7xr969sg5nv84wz75nfr2c76fl93
totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism. Date published : 2022-03-30 https://github.com/chibataiki/iot-vuls/blob/main/totolink/missing-authentication.md
Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma...
PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP’s XML parsing in their...
QingScan 1.3.0 is affected by Cross Site Scripting (XSS) vulnerability in all search functions. Date published : 2022-03-30 https://github.com/78778443/QingScan/issues/17
phpshe V1.8 is affected by a denial of service (DoS) attack in the registry’s verification code, which can paralyze the target service. Date published : 2022-03-30 https://github.com/zpxlz/phpshe/