CVE-2022-25926 : WINDOW-CONTROL UP TO 1.4.4 SENDKEYS COMMAND INJECTION
Description Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper
Description Apache Dubbo is a Java-based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to
Description A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0
Description Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers
Description lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file
Description authentik is an open-source Identity Provider focused on flexibility and versatility. Versions prior to 2022.11.4 and 2022.10.4 are vulnerable
Description Comparison of Object References Instead of Object Contents in GitHub repository usememos/memos prior to 0.9.1. References https://huntr.dev/bounties/33924891-5c36-4b46-b417-98eaab688c4c https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 For
Description A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 allows remote unauthenticated attackers to execute arbitrary
Description Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell.
The conventional model is WAF 1.0: a hardware-driven, non-scalable, typically rule-based architecture that came into existence in the early 2000s.
Description IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA
Description The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the
Description Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does not sanitize the input
Description The package vm2 before 3.9.10 is vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for
Description An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete
Description A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable
Description The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An
Description Memory corruption in Core due to improper configuration in boot remapper. References https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin For More Information MITRE
Description A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to
Description Memory corruption in SPI buses due to improper input validation while reading address configuration from spi buses in Snapdragon
Description Unauthenticated remote arbitrary code execution. References https://support.citrix.com/article/CTX474995 For More Information MITRE
Description There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets
A new WAF bypass technique has been identified by the Claroty team. This uses JSON-based SQL strings which is not conventionally been
Description A vulnerability was found in RainyGao DocSys. It has been declared as critical. This vulnerability affects the function getReposAllUsers