CVE-2022-39957 The OWASP ModSecurity CRS is affected by a response body bypass, which allows a client to issue an Accept header with an optional "charset" parameter.
The OWASP ModSecurity CRS is affected by a cross-site request forgery (CSRF) vulnerability. A malicious actor may pose as an innocent third party, to
CVE-2022-38527 CMS v1.6.0 had an XSS vulnerability in the Import function.
This can be exploited by malicious users to inject arbitrary JavaScript into your site's code. A cross-site request forgery (CSRF) vulnerability was
CVE-2022-2754 The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters, which could allow unauthenticated attackers to perform SQL Injection attacks.
through the WordPress admin interface. An attacker can inject a SQL statement by sending a malicious request to the vulnerable server, then by sending a
CVE-2022-1591 The WordPress Ping Optimizer plugin before 2.35.1.3.0 had no CSRF check, which could allow attackers to make a logged-in admin change the plugin's settings.
If a logged-in user visits an attacker-controlled blog, a vulnerability in the WordPress plugin can be exploited to change the settings. WordPress plugin
CVE-2022-3232 Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5.
The CSRF vulnerability exists in the GitHub v2.4.5 API. The attacker can submit a request to the victim to change the content on