CVE-2022-2957 A critical vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script. The file /mkshop/Men/profile.php is affected.
Another critical vulnerability has been found in the virtual shopping cart software SourceCodester Simple and Nice Shopping Cart Script. The vulnerability is located in the
CVE-2022-2796 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.4.
XSS is when data from one site is injected into another site via a vulnerable script. GitHub is a great example of this. As user
CVE-2022-32768 Multiple authentication bypass vulnerabilities in WWBN AVideo 11.6 and dev master commit 3f7c0364
This can be exploited by an attacker by sending an HTTP request to the vulnerable plugin with a specially-crafted parameter. This can be exploited by
CVE-2022-2388 The WP Coder plugin before 2.5.3 didn't have CSRF check when deleting code, which could allow attackers to make a logged in admin delete arbitrary ones.
Multiple logged in users can also delete code in a project. WordPress 4.7 fixes this vulnerability by including CSRF protection for actions that can
CVE-2022-2379 The Easy Student Results plugin through 2.2.8 has an unauthated REST API. Users can retrieve information about courses, exams, departments, and students' grades and PII.
Furthermore, the plugin lacks a secure password system and an internal firewall, making it vulnerable to various security threats. It is important to note that
Episode
00:00:00
00:00:00