CVE-2022-37620 - How a Simple Regex Crippled html-minifier 4.. (with Exploit Walkthrough)
In August 2022, CVE-2022-37620 brought attention to a critical Denial of Service vulnerability in the popular kangax/html-minifier tool. This bug didn’t require advanced
CVE-2022-35739 - Arbitrary CSS Injection in PRTG Network Monitor—What You Need to Know
CVE ID: CVE-2022-35739
Product: PRTG Network Monitor
Version Affected: Up to 22.2.77.2204
Severity: Medium
Exploitability: Local Access (Authenticated User)
Introduction
In 2022,
CVE-2022-3519 An unknown function of the component Quote Requests Tab is affected by a vulnerability.
According to Cisco advisory, Quote Requests Tab allows creating comments on quotes and could be exploited to inject malicious code. The exploitation of this vulnerability
CVE-2022-37599 A ReDoS flaw was found in Function interpolateName in webpack loader-utils 2.0.0 via the resourcePath variable.
A remote attacker could leverage this vulnerability to cause a denial of service (DoS) condition on a targeted system by injecting malicious JavaScript code into
CVE-2022-40248 An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4
An attacker can inject arbitrary HTML, script, or CSS into the "Product Affected" form field. This can lead to the disclosure of confidential