CVE-2022-25926 : WINDOW-CONTROL UP TO 1.4.4 SENDKEYS COMMAND INJECTION

Description

Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization.

References

https://github.com/bruno-robert/window-control/commit/075c854534a749d887655a906759f5a7eee95173

https://github.com/bruno-robert/window-control/releases/tag/v1.4.5

https://security.snyk.io/vuln/SNYK-JS-WINDOWCONTROL-3186345

For More Information

MITRE

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2023-0556 : CONTENTSTUDIO PLUGIN UP TO 1.2.5 ON WORDPRESS CSTU_GET_METADATA AUTHORIZATION

CVE-2023-0556 : CONTENTSTUDIO PLUGIN UP TO 1.2.5 ON WORDPRESS CSTU_GET_METADATA AUTHORIZATION

Description The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions

CVE-2022-48108 : D-LINK DIR-878 1.30B08 SUBNETMASK COMMAND INJECTION

CVE-2022-48108 : D-LINK DIR-878 1.30B08 SUBNETMASK COMMAND INJECTION

Description D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to

CVE-2022-47767 : SOLAR-LOG GATEWAY UP TO 4.2.7/5.1.1 SLCORE BACKDOOR

CVE-2022-47767 : SOLAR-LOG GATEWAY UP TO 4.2.7/5.1.1 SLCORE BACKDOOR

Description A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker.