An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. Date published : 2022-05-04 https://github.com/YavuzSahbaz/CVE-2022-28508/blob/main/MantisBT%202.25.2%20XSS%20vulnurability https://mantisbt.org/
The function wav_format_write in libwav.c in libwav through 2017-04-20 has an Use of Uninitialized Variable vulnerability. Date published : 2022-05-04 https://github.com/marc-q/libwav/issues/29 https://github.com/tin-z/Stuff_and_POCs/blob/main/poc_libwav/POC
Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality. Date published : 2022-05-04 https://github.com/appneta/tcpreplay/issues/723 https://github.com/appneta/tcpreplay/pull/720
MyBatis PageHelper v1.x.x-v5.x.x was discovered to contain a time-blind SQL injection vulnerability via the orderBy parameter. Date published : 2022-05-04 https://github.com/pagehelper/Mybatis-PageHelper https://github.com/pagehelper/Mybatis-PageHelper.git
Poultry Farm Management System v1.0 was discovered to contain a SQL injection vulnerability via the Item parameter at /farm/store.php. Date published : 2022-05-04 https://github.com/IbrahimEkimIsik/CVE-2022-28099/blob/main/SQL%20Injection%20For%20Poultry%20Farm%20Management%20system%201.0 https://www.sourcecodester.com/php/15230/poultry-farm-management-system-free-download.html
Skycaiji v2.4 was discovered to contain a remote code execution (RCE) vulnerability via /SkycaijiApp/admin/controller/Develop.php. Date published : 2022-05-04 https://github.com/zorlan/skycaiji/issues/39
Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=. Date published : 2022-05-04 https://gitee.com/jspxcms/Jspxcms/issues/I4ZKDR
Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the list parameter at /goform/SetNetControlList. Date published : 2022-05-04 https://github.com/eeeeeeeeeeeeeeeea/IOT-vulhub/tree/main/TendaAX12
A reflected cross-site scripting (XSS) vulnerability in the component Query.php of arPHP v3.6.0 allows attackers to execute arbitrary web scripts. Date published : 2022-05-04 https://albarbari.com/2022/03/24/arPHP-xss.html
Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings. Date published : 2022-05-04 https://github.com/likCodinG/seacms_vul/issues/1
An incorrect access control issue in Sandboxie Classic v5.55.13 allows attackers to cause a Denial of Service (DoS) in the Sandbox via a crafted executable. Date published : 2022-05-04 https://github.com/sandboxie-plus/Sandboxie/issues/1714
Libarchive v3.6.0 was discovered to contain a read memory access vulnerability via the function lzma_decode. Date published : 2022-05-04 https://github.com/libarchive/libarchive/issues/1672
An OS Command Injection vulnerability in the configuration parser of Eve-NG Professional through 4.0.1-65 and Eve-NG Community through 2.0.3-112 allows a remote authenticated attacker to execute commands as root by editing virtualization command parameters...
In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link. Date published : 2022-05-04 http://nopcommerce.com https://tf1t.gitbook.io/mycve/nopcommerce/open-redirect-on-nopcommerce-4.50.1