A vulnerability, which was classified as problematic, was found in Student Information System 1.0. Affected is admin/?page=students of the Student Roll module. The manipulation with the input leads to authenticated cross site scripting. Exploit...
A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file. Date published : 2022-05-23 https://github.com/LibreDWG/libredwg/issues/350
A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file. Date published : 2022-05-23 https://github.com/LibreDWG/libredwg/issues/351
The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting (XSS) vulnerability. When any user opens a particular blog hosted on an attackers’ site, XSS may occur. Date published : 2022-05-23...
JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the...
In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments, a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing infomation...
Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, subsequently allowing them to...
Annke N48PBB (Network Video Recorder) products of version 3.4.106 build 200422 and prior are vulnerable to a stack-based buffer overflow, which allows an unauthorized remote attacker to execute arbitrary code with the same privileges...
The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes untrusted data, which could allow a remote attacker access to system level permission commands and local privilege escalation. Date published...
Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection. Date published : 2022-05-23 https://github.com/bigb0x/CVEs/blob/main/Blockchain-AltExchanger-121-sqli.md
Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL injection. Date published : 2022-05-23 https://github.com/bigb0x/CVEs/blob/main/Blockchain-AltExchanger-121-sqli.md
Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 allow Chart/TradingView/chart_content/master.php symbol SQL injection. Date published : 2022-05-23 https://github.com/bigb0x/CVEs/blob/main/Blockchain-AltExchanger-121-sqli.md https://github.com/bigb0x/CVEs/blob/main/Inout-Blockchain-FiatExchanger-221-sqli.md
Quick Heal Total Security before 12.1.1.27 allows DLL hijacking during installation. Date published : 2022-05-23 CVE-2022-31467 Quick Heal Total Security before 12.1.1.27 allows DLL hijacking during installation.
Quick Heal Total Security before 12.1.1.27 has a TOCTOU race condition that leads to privilege escalation. It may follow a symlink that was created after a malware check. Date published : 2022-05-23 CVE-2022-31466: Quick...