Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Date published : 2022-05-31 https://huntr.dev/bounties/67ca4d3b-9175-43c1-925c-72a7091bc071 https://github.com/vim/vim/commit/71223e2db87c2bf3b09aecb46266b56cda26191d
Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3. Date published : 2022-05-31 https://huntr.dev/bounties/3fda8902-68ee-4734-86a3-9551ab17c893 https://github.com/polonel/trudesk/commit/b7c15180b6d4e556ad05d0881eb72d8b2f1637a0
The TikTok application before 23.8.4 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached...
Use After Free in GitHub repository mruby/mruby prior to 3.2. Date published : 2022-05-30 https://huntr.dev/bounties/99e6df06-b9f7-4c53-a722-6bb89fbfb51f https://github.com/mruby/mruby/commit/aa7f98dedb68d735a1665d3a289036c88b0c47ce
Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3. Date published : 2022-05-30 https://huntr.dev/bounties/50c4cb63-65db-41c5-a16d-0560d7131fde https://github.com/polonel/trudesk/commit/314540864dbf2c0eaa99aa42c3d317de9501eb67
The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when...
The Amazon Link WordPress plugin through 3.2.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is...
The Call&Book Mobile Bar WordPress plugin through 1.2.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html...
The Birthdays Widget WordPress plugin through 1.7.18 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html...
The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF. Date published : 2022-05-30 https://wpscan.com/vulnerability/3843b867-7784-4976-b5ab-8a1e7d45618a
The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The...
The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to...
The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible. Date published :...
The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...