CVE-2022-36635 The ZKBioSecurity V5000 4.1.3 had a SQL injection vulnerability in /baseOpLog.do.
An attacker can leverage this vulnerability to inject SQL commands into the database or obtain sensitive information by viewing the database.
ZKteco ZKBioSecurity V5000 4.
CVE-2022-39287 Tiny-csrf is a Node.js CSRF protection middleware that encrypts cookies.
Improving security is a top priority for the team. Therefore, we take the severity of these security issues very seriously. We aim to provide the
CVE-2022-40494 NPS before v0.26.10 had an authentication bypass vulnerability that constantly generated and sent the Auth key and Timestamp parameters.
This can be leveraged to bypass authentication and obtain sensitive information such as user names, email addresses, and other login details.
NPS before v0.26.
CVE-2022-42250 The Cold Storage Management System v1.0 is vulnerable to SQL injection.
An attacker can send a special SQL query to obtain sensitive information such as users’ names, email addresses, or other information.
The application does not
CVE-2022-42249 The Cold Storage Management System v1.0 is vulnerable to SQL injection: /csms/admin/storages/view_storage.php?id=
An attacker can inject malicious script code via the value of the storage_id parameter to execute arbitrary SQL commands. In addition, the /csms/admin/