CVE-2022-21831 A code injection vulnerability in Active Storage v5.2.0 lets an attacker inject code to execute.
An attacker would need to inject malicious code into Active Storage via image_processing arguments to exploit this vulnerability. Active Storage is an image processing
CVE-2022-29405 In Apache Archiva, any registered user can reset the password for any user
There is no option to change password for a user anywhere. User profiles are
CVE-2022-22977 VMware Tools contains an XXE vulnerability.
XXE is a type of cross-site scripting (XSS) vulnerability that occurs when untrusted data is fed into a web application. Depending on the context in
CVE-2022-1386 The Fusion Builder WordPress plugin before 3.6.2 doesn't validate a parameter in its forms, which could be used to initiate HTTP requests and return data in the application's response.
To exploit this vulnerability, an attacker would have to host a malicious configuration file on a publicly accessible server, such as a web server on
CVE-2022-1463 The Booking Calendar plugin is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode up to and including version 9.1
If a user is able to access the booking calendar via a route such as http://host/booking-calendar/(booking_location) they could inject arbitrary code