Monthly Archive: April 2022

CVE-2022-24866

Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the whole User / Group object, which leaked some private...
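The over-serialization pattern described in this entry (handing a whole model object to the JSON encoder so every attribute, private ones included, ends up in the response) is illustrated below with an added example. This is not Discourse's or the plugin's code; the record fields and the allow-list are constructed assumptions chosen only to show the difference between dumping an object and emitting a deliberate subset of it.

```ruby
# Illustrative only: a serializer that dumps the whole record versus one that
# emits an explicit allow-list of fields. Constructed sample data, not
# Discourse code; field names are assumptions.
require "json"

# Constructed stand-in for a user record. Which fields count as private is an
# assumption made for the example.
SAMPLE_USER = {
  id: 42,
  username: "alice",
  name: "Alice Example",
  email: "alice@example.org",           # private
  last_seen_at: "2022-04-20T10:00:00Z", # private
  admin: true,                          # private
}.freeze

# Vulnerable pattern: the entire record is passed to the encoder, so any
# attribute added to the model later is exposed automatically.
def serialize_whole_object(user)
  JSON.generate(user)
end

# Hardened pattern: enumerate the fields the API contract actually needs.
# New model attributes stay hidden until someone consciously adds them here.
PUBLIC_USER_FIELDS = %i[id username name].freeze

def serialize_allow_listed(user, fields = PUBLIC_USER_FIELDS)
  JSON.generate(user.slice(*fields))
end

# Review helper: lists the keys that the whole-object serializer would emit
# beyond the allow-list, i.e. what the vulnerable version leaks.
def leaked_fields(user, fields = PUBLIC_USER_FIELDS)
  user.keys - fields
end

if __FILE__ == $0
  puts serialize_whole_object(SAMPLE_USER)
  puts serialize_allow_listed(SAMPLE_USER)
  puts "leaked by whole-object serializer: #{leaked_fields(SAMPLE_USER).inspect}"
end
```

The allow-list form is the one to look for in review: a serializer that returns the model itself (or calls a generic `to_json`/`as_json` on it) exposes every column, and will keep doing so as columns are added.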

CVE-2022-1466

Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though...

CVE-2022-27468

Monstaftp v2.10.3 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the web server. Date published: 2022-04-26. https://www.monstaftp.com/

CVE-2022-24883

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server-side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an...

CVE-2022-24882

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This issue...

CVE-2022-24881

Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because...

CVE-2022-24706

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including...