Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file....
An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file. Date published : 2022-05-19 https://forum.avast.com/index.php?topic=317641.0 https://github.com/netero1010/Vulnerability-Disclosure/tree/main/CVE-2022-AVAST1
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=delete_client. Date published : 2022-05-19 https://github.com/playZG/Exploit-/blob/main/Online%20Sports%20Complex%20Booking%20System/Online%20Sports%20Complex%20Booking%20System%201.0%20SQL%20Injection%28%E4%BA%8C%29.md https://packetstormsecurity.com/files/166598/Online-Sports-Complex-Booking-System-1.0-SQL-Injection.html
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters. Date published : 2022-05-19 https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4
A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire. Date published : 2022-05-19 https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4
Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML. Date published : 2022-05-19 https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input. Date published : 2022-05-19 https://github.com/go-yaml/yaml/issues/666
An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access. Date published : 2022-05-19...
A remote code execution (RCE) vulnerability in Subconverter v0.7.2 allows attackers to execute arbitrary code via crafted config and url parameters. Date published : 2022-05-19 https://gist.github.com/CwithW/01a726e5af709655d6ee0b2067cdae03 https://github.com/tindy2013/subconverter/commit/ce8d2bd0f13f05fcbd2ed90755d097f402393dd3
In Spring Security versions 5.5.6 and 5.5.7 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly...
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does...
Vulnerability in Oracle E-Business Suite (component: Manage Proxies). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful...
Use After Free in GitHub repository vim/vim prior to 8.2.4979. Date published : 2022-05-19 https://huntr.dev/bounties/f6739b58-49f9-4056-a843-bf76bbc1253e https://github.com/vim/vim/commit/28d032cc688ccfda18c5bbcab8b50aba6e18cde5
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. Date published : 2022-05-19 https://huntr.dev/bounties/8c969cba-eef2-4943-b44a-4e3089599109 https://github.com/vim/vim/commit/e2bd8600b873d2cd1f9d667c28cba8b1dba18839