Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts. Date published : 2022-03-24 https://github.com/anchorcms/anchor-cms https://github.com/butterflyhack/anchorcms-0.12.7-CSRF
Multiple cross-site scripting (XSS) vulnerabilities in Parking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name, password, and verification code text boxes. Date...
Bluedon Information Security Technologies Co.,Ltd Internet Access Detector v1.0 was discovered to contain an information leak which allows attackers to access the contents of the password file via unspecified vectors. Date published : 2022-03-24...
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured. Date published : 2022-03-24 https://github.com/ccrisan/motioneye/issues/2292 https://www.pizzapower.me/2022/02/17/motioneye-config-info-disclosure/
Discourse is an open source discussion platform. Versions 2.8.2 and prior in the `stable` branch, 2.9.0.beta3 and prior in the `beta` branch, and 2.9.0.beta3 and prior in the `tests-passed` branch are vulnerable to a...
Geon is a board game based on solving questions about the Pythagorean Theorem. Malicious users can obtain the uuid from other users, spoof that uuid through the browser console and become co-owners of the...
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed...
Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable...
The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may be subject to downgrade attack which may affect its ability to operate its host. IBM X-Force ID: 221442. Date published : 2022-03-24...
NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and...
Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8. Date published : 2022-03-24 https://huntr.dev/bounties/a7546dae-01c5-4fb0-8a8e-c04ea4e9bac7 https://github.com/radareorg/radare2/commit/d4ce40b516ffd70cf2e9e36832d8de139117d522
Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5. Date published : 2022-03-24 https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d https://github.com/go-gitea/gitea/commit/e3d8e92bdc67562783de9a76b5b7842b68daeb48
Heap Buffer Overflow in iterate_chained_fixups in GitHub repository radareorg/radare2 prior to 5.6.6. Date published : 2022-03-24 https://huntr.dev/bounties/3b3b7f77-ab8d-4de3-999b-eeec0a3eebe7 https://github.com/radareorg/radare2/commit/0052500c1ed5bf8263b26b9fd7773dbdc6f170c4
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/data-hub prior to 1.2.4. Date published : 2022-03-24 https://huntr.dev/bounties/708971a6-1e6c-4c51-a411-255caeba51df https://github.com/pimcore/data-hub/commit/15d5b57af2466eebd3bbc531ead5dafa35d0a36e