CVE-2022-22965 An MVC or Spring WebFlux application may be vulnerable to remote code execution if it runs on Tomcat as a WAR deployment.
If the application is running on JDK 9, i.e. Spring Boot 1.4 or later, it is not vulnerable. It is possible for an
CVE-2022-0983 An SQL injection risk was identified in Badges code relating to configuring criteria
The risk was mitigated by restricting the Badges feature to users with the “Managers” and “Teachers” roles. A “Configure Criteria” form was created for teachers
CVE-2022-0842 McAfee Enterprise ePolicy Orchestrator 5.10 prior to 5.10 Update 13 has a blind SQL injection vulnerability that allows a remote attacker to obtain information from the ePO database.
This vulnerability is due to the fact that a blind SQL injection flaw exists in the McAfee ePolicy Orchestrator web application that can be exploited
CVE-2022-26186 TOTOLINK N600R V4.3.0cu.7570_B20200620 had a command injection vulnerability via the exportOvpn interface.
An attacker can send a specially crafted request to cstecgi.cgi script-injection point, resulting in the complete takeover of the application and the ability to
CVE-2022-25517 - SQL Injection Vulnerability in MyBatis Plus v3.4.3 via AbstractWrapper.java Column Parameter
MyBatis Plus is a popular enhancement of the MyBatis framework, widely used in Java applications for simplifying database operations. In early 2022, researchers discovered a