CVE-2022-26186 TOTOLINK N600R V4.3.0cu.7570_B20200620 had a command injection vulnerability via the exportOvpn interface.
An attacker can send a specially crafted request to cstecgi.cgi script-injection point, resulting in the complete takeover of the application and the ability to
CVE-2022-25517 - SQL Injection Vulnerability in MyBatis Plus v3.4.3 via AbstractWrapper.java Column Parameter
MyBatis Plus is a popular enhancement of the MyBatis framework, widely used in Java applications for simplifying database operations. In early 2022, researchers discovered a
CVE-2022-26266 - SQL Injection in Piwigo v12.2. via pwg.users.php – Exploit Details and Analysis
Piwigo is a popular open-source photo gallery software used by thousands to manage and share their photos on the web. In early 2022, a serious
CVE-2022-26520 In pgjdbc before 42.3.3, an attacker can write to files through the loggerFile and loggerLevel properties.
In all cases, it is a best practice to configure all JDBC connections with the minimal properties required for the application and server to function.
CVE-2022-0839 In liquibase/liquibase prior to 4.8.0, the GitHub repository had an Improper Restriction of XML Entity Reference. This vulnerability, when exploited, could lead to information disclosure.
This issue affects any application that relies on Liquibase to automatically enforce data integrity rules on a repository’s code base. It may also affect