CVE-2022-2756 : KAREADITA KAVITA UP TO 0.5.4.0 SERVER-SIDE REQUEST FORGERY

Description

Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1.

References

https://huntr.dev/bounties/95e7c181-9d80-4428-aebf-687ac55a9216

https://github.com/kareadita/kavita/commit/9c31f7e7c81b919923cb2e3857439ec0d16243e4

For More Information

MITRE

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2023-0240 : LINUX KERNEL UP TO 5.10.160 IO_URING IO_PREP_ASYNC_WORK USE AFTER FREE

CVE-2023-0240 : LINUX KERNEL UP TO 5.10.160 IO_URING IO_PREP_ASYNC_WORK USE AFTER FREE

Description There is a logic error in io_uring’s implementation which can be used to trigger a use-after-free vulnerability leading to

CVE-2023-0556 : CONTENTSTUDIO PLUGIN UP TO 1.2.5 ON WORDPRESS CSTU_GET_METADATA AUTHORIZATION

CVE-2023-0556 : CONTENTSTUDIO PLUGIN UP TO 1.2.5 ON WORDPRESS CSTU_GET_METADATA AUTHORIZATION

Description The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions

CVE-2022-48108 : D-LINK DIR-878 1.30B08 SUBNETMASK COMMAND INJECTION

CVE-2022-48108 : D-LINK DIR-878 1.30B08 SUBNETMASK COMMAND INJECTION

Description D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to