CVE-2022-45199 Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
This issue was disclosed to the third party vendor who has confirmed the issue and is working on a patch. It has been reported that
CVE-2022-45130 CSRF attack possible via the /api/v2/cli/commands REST API.
If you have installed Obsidian on your server, it is critical that you review the list of REST API endpoints, as there is a risk
CVE-2022-3726 - How GitLab’s Missing OpenAPI Sandboxing Put Users at Risk
Published: June 2024
Severity: Medium/High
Affected Products: GitLab CE/EE
Vulnerable Versions:
Summary
In late 2022, a significant vulnerability, CVE-2022-3726, was disclosed in GitLab
CVE-2022-43031 DedeCMS v6.1.9 has a CSRF flaw that allows attackers to add administrator accounts and modify admin passwords.
This vulnerability occurs due to the presence of an untrusted data source when a user with the ‘Administrator’ account type tries to log in to the
CVE-2022-44551 The iaware module has a vulnerability in thread security
This issue arises because thread_id in the password settings is not verified before being used. This can result in an attacker gaining root privileges.