CVE-2022-40180 Desigo PXM30-1, PXM30.E, PXM40-1, PXM40.E, PXM50-1 have multiple vulnerabilities.
This can then be used to control the device operating system, install software, capture screenshots, etc. Depending on the web application and operating system version,
CVE-2022-3220 The Advanced Comment Form WordPress plugin before 1.2.1 has unsafe settings that allow high-privilege users to perform CSRF attacks.
After the upgrade, any site with an infected comment form will be vulnerable to CSRF attacks. It’s recommended to update your site immediately to
CVE-2022-3154 The Woo Billingo Plus and Integration for Billingo & Gravity Forms WordPress plugins before 4.4.5.4 and 1.0.4, respectively, lack CSRF checks in some AJAX actions.
or purchase add-ons. In addition, the plugin does not offer any protection against CSRF on its Contact Form. The only way to fix this
CVE-2022-36635 ZKBioSecurity V5000 4.1.3 had a SQL injection vulnerability in /baseOpLog.do.
An attacker can leverage this vulnerability to inject SQL commands into the database or obtain sensitive information by viewing the database.
ZKteco ZKBioSecurity V5000 4.
CVE-2022-39287 Tiny-csrf is a Node.js CSRF protection middleware that encrypts cookies.
Improving security is a top priority for the team. Therefore, we take the severity of these security issues very seriously. We aim to provide the