CVE-2022-32218 An information disclosure vulnerability exists in Rocket.Chat v5, v4.8.2, v4.7.5 due to the actionLinkHandler method allowing Message ID Enumeration with Regex MongoDB queries.
This may allow an attacker to retrieve sensitive information about the message such as the chat recipients, sender, date, etc. This may be exploited by
CVE-2022-38470 The Customer Reviews for WooCommerce plugin has a CSRF vulnerability.
When you set up a Customer Reviews for WooCommerce plugin, the plugin generates a secret token for each customer, which is supposed to be kept
CVE-2021-3782 An internal reference count is kept on the buffer pool to track each new buffer.
The reference count can be increased by creating an external reference to a buffer storage object, or creating a large number of external references to
CVE-2022-34026 ICEcoder v8.1 allows attackers to execute a directory traversal.
CVE-2016-1669 An issue was discovered in Dataiku, a software as a service data management tool. It is caused by a SQL injection in the search
CVE-2022-40446 The ZC CMS 2022 had a SQL injection vulnerability in the /admin/sendmailto.php?tomail=&groupid= component.
An attacker can inject arbitrary SQL queries that can lead to information disclosure and/or creation of new user accounts. This vulnerability can be exploited