A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to execute arbitrary code via a crafted payload injected into the display fields. Date published : 2022-03-21 https://github.com/beekeeper-studio/beekeeper-studio/issues/1051
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to...
The package ungit before 1.5.20 are vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values (remote and ref) are passed to the git...
In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password...
guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue...
mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could...
HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). By putting a common XSS payload in a markdown file, if opened with the app, will execute several times. Date published : 2022-03-21 https://github.com/zhuzhuyule/HexoEditor/issues/3
The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands. Date published : 2022-03-21 https://www.cryptnetix.com/blog/2022/03/19/Snapt-Aria-Vulnerability-Disclosure.html https://www.snapt.net/platforms/aria-adc
An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e-mails from spoofed users’ accounts. Date published : 2022-03-21 https://www.cryptnetix.com/blog/2022/03/19/Snapt-Aria-Vulnerability-Disclosure.html https://www.snapt.net/platforms/aria-adc
A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. Date published : 2022-03-21 https://www.cryptnetix.com/blog/2022/03/19/Snapt-Aria-Vulnerability-Disclosure.html https://www.snapt.net/platforms/aria-adc
An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS). Date published : 2022-03-21 Home https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23352
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability. Date published : 2022-03-21 Home https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23350
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF). Date published : 2022-03-21 Home https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23349
BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes. Date published : 2022-03-21 Home https://github.com/bzyo/cve-pocs/tree/master/CVE-2022-23348