CVE-2022-2399 : GOOGLE CHROME UP TO 100.0.4896.87 WEBGPU USE AFTER FREE
Description Use after free in WebGPU in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap
CVE-2022-20861 : CISCO NEXUS DASHBOARD CONTAINER IMAGE MISSING AUTHENTICATION
Description Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload
CVE-2022-33146 : WEB2PY UP TO 2.22.4 URL REDIRECT
Description Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an
CVE-2022-26668 : ASUS CONTROL CENTER 1.4.2.5 API ACCESS CONTROL
Description ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions
CVE-2021-41750 : NYSTUDIO107 SEOMATIC PLUGIN 3.4.10 ON CRAFT CMS BASE64 ENCODED URL CROSS SITE SCRIPTING
Description A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject
CVE-2021-33328
Cross-site scripting (XSS) vulnerability in the Asset module’s edit vocabulary page in Liferay Portal 7.0.0 through 7.3.4, and Liferay DXP
VMware ESXi Service Port 5989 improper authentication [CVE-2021-21994]
Description: A vulnerability classified as critical was found in VMware ESXi (Virtualization Software). The vulnerability allows a remote attacker to bypass
CVE-2021-29103
A reflected Cross Site Scripting (XXS) vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able
CVE-2020-35761
bloofoxCMS 0.5.2.1 is infected with XSS that allows remote attackers to execute arbitrary JS/HTML Code. (CVSS:0.0) (Last Update:2021-06-16)
Apache PDFbox up to 2.0.23 PDF File infinite loop [CVE-2021-31812]
A vulnerability, which was classified as problematic, was found in Apache PDFbox up to 2.0.23. This affects some unknown processing
Tenda N300 Authentication Bypass via Malformed HTTP Request Header
Overview : Tenda N300 allows Authentication Bypass vuln through Malformed HTTP Request Affected Product(s) : N300/N301 Router Vulnerability Details :
Denial of Service (DoS) vulnerability in the file upload request feature of Atlassian Crucible
Overview : DoS vulnerability in the file upload request feature of Atlassian Crucible Affected Product(s) : version < 4.7.4 4.8.0
BigFix Inventory up to v10.0.2 does have a session cookie issue
Overview : HCL BigFix Inventory does not enforce “secure” attribute for SSO related cookies when SSO is enabled. Web browsers
XSS vulnerability in Dashboards section in Kaa IoT Platform v1.2.0
Overview : Kaa IoT Platform version 1.2.0 suffers from a persistent cross site scripting vulnerability. Affected Product(s) : Kaa IoT
Jira – Open redirect vulnerability using os_destination
CVE-2019-20901 Proof of Concept : The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version
WebKitGTK and WPE WebKit Security Advisory WSA-2020-0004
Overview : A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that
Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small.
Overview : Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated
Multiple vulnerabilities in EasyBlocks IPv6
Overview : Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earlier and Enterprise Ver. 2.0.1 and earlier
security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144.
Overview : A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144.
Apache HTTP Server 2.4 vulnerabilities
Overview : In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might
In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter.
Overview : In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter.codeBeamer versions 9.5
TMM may crash or stop processing new traffic with the DPDK/ENA driver on AWS systems while sending traffic. This issue does not affect any other platforms,
Overview : On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under certain conditions, TMM may crash or stop processing new traffic with
LogicalDoc before 8.3.3 allows SQL Injection
Overview : LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This
Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability
Overview : Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow