Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow in the setSmartPowerManagement function. Date published : 2022-03-23 https://noob3xploiter.medium.com/hacking-the-tenda-ac10-1200-router-part-4-sscanf-buffer-overflow-75ae0e06abb6
Stored Cross-Site Scripting (XSS) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers with contributor or higher user role to inject the malicious code. Date published : 2022-03-23 https://patchstack.com/database/vulnerability/yoo-slider/wordpress-yoo-slider-plugin-2-0-0-stored-cross-site-scripting-xss-vulnerability Yoo...
Cross-Site Request Forgery (CSRF) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers to trick authenticated users into unwanted slider duplicate or delete action. Date published : 2022-03-23 https://patchstack.com/database/vulnerability/yoo-slider/wordpress-yoo-slider-plugin-2-0-0-cross-site-request-forgery-csrf-vulnerability-leading-to-slider-duplicate-delete Yoo...
Passwork On-Premise Edition before 4.6.13 has multiple XSS issues. Date published : 2022-03-23 https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2 https://passwork.me
Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems. Date published : 2022-03-23 https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2 https://passwork.me
Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files). Date published : 2022-03-23 https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2 https://passwork.me
Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files). Date published : 2022-03-23 https://gist.github.com/garakh/e0e2fe6d6e234f0595dea6a8141568f2 https://passwork.me
Money Transfer Management System Version 1.0 allows an authenticated user to inject SQL queries in ‘mtms/admin/?page=transaction/view_details’ via the ‘id’ parameter. Date published : 2022-03-23 https://fluidattacks.com/advisories/jagger/
Money Transfer Management System Version 1.0 allows an unauthenticated user to inject SQL queries in ‘admin/maintenance/manage_branch.php’ and ‘admin/maintenance/manage_fee.php’ via the ‘id’ parameter. Date published : 2022-03-23 https://fluidattacks.com/advisories/berry/
Money Transfer Management System Version 1.0 allows an attacker to inject JavaScript code in the URL and then trick a user into visit the link in order to execute JavaScript code. Date published :...
OpenEMR v6.0.0 was discovered to contain an incorrect access control issue. Date published : 2022-03-23 https://github.com/openemr https://securityforeveryone.com/blog/openemr-0-day-incorrect-access-control-vulnerability-cve-2022-25041
wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry. Date published : 2022-03-23 Operation Dragon Castling: APT group targeting betting companies https://www.wps.com
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All unpatched versions of Argo CD starting with 1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially...
The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Anytime a 5xx...