CVE-2022-39273 The control plane for the data processing platform Flyte is FlyteAdmin. Users who enable Flyte's default authorization server are exposed to the public internet.
Users who have changed the ExternalAuthorizationServer setting in the config or have overridden it in their Flyte Admin’s settings will not be vulnerable to
CVE-2022-40895 An unauthenticated, remote attacker could exploit a vulnerability in NeDi products to affect the integrity of a device.
However, this issue has already been fixed in version 1.0.8 of NeDi. This issue has been assigned the CVE-2018-14632 rating. However, some NeDi
CVE-2022-2986 Enabling and disabling installed H5P libraries was not protected against CSRF.
As a result, it was possible to trick a vulnerable website into installing a malicious H5P library. Malicious actors could craft a CSRF attack that
CVE-2022-35156 The Bus Pass Management System 1.0 had a SQL Injection vulnerability via the searchdata parameter.
A user with access to this parameter could exploit this vulnerability to obtain sensitive information about the system, such as the name of a person
CVE-2021-36855 An XSS vulnerability in the Booking Ultra Pro plugin = 1.1.4 for WordPress that is caused by CSRF.
The PoC exploit code is - Injecting XSS via CSRF. Reflected XSS via CSRF vulnerability can lead to serious security vulnerabilities in WordPress. The WordPress