HashiCorp Consul and Consul Enterprise through 2022-04-12 allow SSRF. Date published : 2022-04-19 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393
A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable course_code and/or...
An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3. Date published : 2022-04-19 https://www.formalms.org/download.html https://www.swascan.com/it/security-blog/
** DISPUTED ** ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage via content/apps/installer/classes/Helper.php. When the web program is installed, a new environment file is created, and the database information is recorded, including the database record...
Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated...
Cross-site scripting (XSS) vulnerability in the Asset module’s asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or...
The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = ‘origin’, opts = {}) function, the remote parameter is passed to the git fetch subcommand...
A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. This issue affects: Abacus ERP v2022 versions prior to R1 of 2022-01-15; v2021 versions prior...
Open redirect vulnerability via endpoint authorize_and_redirect/?redirect= in GitHub repository posthog/posthog prior to 1.34.1. Date published : 2022-04-19 https://huntr.dev/bounties/c13258a2-30e3-4261-9a3b-2f39c49a8bd6 https://github.com/posthog/posthog/commit/859d8ed9ac7c5026db09714a26c85c1458abb038
Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) is vulnerable to Buffer Overflow via the Password reset feature. Date published : 2022-04-18 https://k4m1ll0.com/cve-tplink-tlwr840n-euV620-password-reset.html
Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library. Date published : 2022-04-18 https://security.gentoo.org/glsa/202209-03 https://bugzilla.redhat.com/show_bug.cgi?id=2016448
Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library. Date published : 2022-04-18 https://security.gentoo.org/glsa/202209-03 https://bugzilla.redhat.com/show_bug.cgi?id=2016439
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library. Date published : 2022-04-18 https://security.gentoo.org/glsa/202209-03 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383
A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid. Date published : 2022-04-18 https://security.gentoo.org/glsa/202209-03 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28843