Common Vulnerabilities and Exposures

Description Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privileged attacker can use

Description A vulnerability has been found in Adminer Login 1.4.4 and classified as problematic. This vulnerability affects unknown code. The

Description ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions

Description Vulnerability in the Oracle Cloud Infrastructure product of Oracle Cloud Services. Easily exploitable vulnerability allows high privileged attacker with

Description Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to

Description A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4.

Description When a user opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) files received from untrusted sources in SAP 3D Visual Enterprise

Description An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a

Description A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject

Description Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 secompressors accumulate decompressed data into an intermediate buffer

Description A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. Affected is an unknown function of the

Description ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer. For more information https://owncloud.com/security-advisories/cve-2022-31649/

Description Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client

Description Confluence is a web-based corporate wiki developed by Australian software company Atlassian. On June 02, 2022 Atlassian released a

Description GoCD versions 20.2.0 through 21.4.0 (inclusive) are vulnerable to reflected XSS via abuse of the pipeline comparison function’s error

Description Persistent XSS (or Stored XSS) attack is one of the three major categories of XSS attacks, the others being

Description Several Cross-Site Scripting vulnerabilities in the Curtain WordPress plugin. Due to these Cross-Site Scripting vulnerabilities, an attacker would be

Description It was noted that there is security checking to prevent some of the Avast processes from loading of undesired/unsigned

Description This Security Alert addresses vulnerability CVE-2022-21500, which affects some deployments of Oracle E-Business Suite. This vulnerability is remotely exploitable

Description On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those

Description A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet

Description The kustomize-controller enables the use of Kustomize’s functionality when applying Kubernetes declarative state onto a cluster. A malicious user

Are you having a Spring MVC or Spring WebFlux application running on JDK version 9 or higher? Then ensure that