CVE-2022-1138 Inappropriate implementation of Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to obscure the contents of the Omnibox by compromising the renderer process.
Google has assigned the highest priority to fixing this issue, and released a beta version of Chrome 70, which protects against this attack by default.
CVE-2022-34534 A malicious API call can access sensitive information on the Watchdog Spectrum Server.
An attacker can craft a request in order to inject data into the server. The server then processes the request and passes the data on
CVE-2022-34025 Vesta 1.0.0-5 had an XSS vulnerability via the post function at /web/api/v1/upload/UploadHandler.php.
An attacker can exploit this vulnerability by uploading malicious files to the target’s account. A successful exploit can result in session hijacking or information
CVE-2022-26655 Pexip Infinity 27.x before 27.3 has Improper Input Validation.
This is caused by a restriction in the client that prevents the team from being created if the remote user does not have admin rights.
CVE-2022-1245 A privilege escalation flaw was found in Keycloak's token exchange feature. Missing authorization allows a client application to exchange tokens for any target client.
This issue was reported to Keycloak on 2018-02-22, and was fixed in release 3.0.0 on 2018-02-28.
2018-02-25: Medium: Critical: Remote code execution via