CVE-2022-34025 Vesta 1.0.0-5 had an XSS vulnerability via the post function at /web/api/v1/upload/UploadHandler.php.
An attacker can exploit this vulnerability by uploading malicious files to the target’s account. A successful exploit can result in session hijacking or information
CVE-2022-26655 Pexip Infinity 27.x before 27.3 has Improper Input Validation
This is caused by a restriction in the client that prevents the team from being created if the remote user does not have admin rights.
CVE-2022-1245 A privilege escalation flaw was found in keycloak's token exchange feature. Missing authorization allows a client application to exchange tokens for any target client.
This issue was reported to keycloak on 2018-02-22, and was fixed in release 3.0.0 on 2018-02-28.
2018-02-25: Medium: Critical: Remote code execution via
CVE-2022-30619 An In-Editorable SQL Query that can be used to send to the Server-Side of a particular API used in legacy Work Center module. The attack is available to any authenticated user, in any kind of rule.
The user can enter any SQL query in a SQL query box and press Enter to send the query. The query can be of any
CVE-2022-28127 An API vulnerability in Robustel R1510 3.3.0 allows deletion of arbitrary files.
Robustel has acknowledged this issue and released version R1512.
Vulnerability – SQL Injection
A vulnerability was discovered in Robustel, which can allow attackers to access certain