CVE-2022-39287 Tiny-csrf is a Node.js CSRF protection middleware that encrypts cookies.
Improving security is a top priority for the team. Therefore, we take the severity of these security issues very seriously. We aim to provide the
CVE-2022-40494 NPS before v0.26.10 had an authentication bypass vulnerability that constantly generated and sent the Auth key and Timestamp parameters.
This can be leveraged to bypass authentication and obtain sensitive information such as user names, email addresses, and other login details.
NPS before v0.26.
CVE-2022-42249 The Cold Storage Management System v1.0 is vulnerable to SQL injection: /csms/admin/storages/view_storage.php?id=
An attacker can inject malicious script code via the value of the storage_id parameter to execute arbitrary SQL commands. In addition, the /csms/admin/
CVE-2022-42250 The Cold Storage Management System v1.0 is vulnerable to SQL injection.
An attacker can send a special SQL query to obtain sensitive information such as users’ names, email addresses, or other information.
The application does not
CVE-2022-2986 Enabling and disabling installed H5P libraries failed to protect from CSRF risk.
As a result, it was possible to trick a vulnerable website into installing a malicious H5P library. Malicious actors could craft a CSRF attack that