CVE-2022-36536 An issue in the component post_applogin.php of Super Flexible Software GmbH & Co
Additionally, this issue may allow remote attackers to hijack the authentication of arbitrary users, due to insecure handling of the CSRF protection mechanism. In order
CVE-2022-29240 Scylla is a real-time big data database compatible with Cassandra and DynamoDB. When decompressing CQL frames, the user's provided uncompressed length is assumed to be correct.
3. An attacker who has access to a user account and has full privileges can also read uninitialized memory, but then they can also read any memory
CVE-2022-37207 JFinal CMS 5.1.0 is affected by: SQL Injection
when connecting through these interfaces. The following is an example of SQL injection through the Product.category() and Product.description() functions.
exec('select
CVE-2022-38594 The mBMS v1.0 was found to have a SQL injection vulnerability via the id parameter.
A remote attacker could exploit this vulnerability to execute arbitrary SQL commands.
It was reported that this management system was publicly accessible on the internet.
CVE-2022-40365 XSS vulnerability in ouqiang gocron through 1.5.3 allows attackers to execute arbitrary code.
XSS exists in function /admin/task.php via the value of the name parameter. Attackers can inject arbitrary code in the client-side language via scope.