• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    公众号

CVE漏洞

RSS
  • CVE-2022-2189
    CVE-2022-2189
    The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $_SERVER parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web brow ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:1095 | 回复:0
  • CVE-2022-2219
    CVE-2022-2219
    The Unyson WordPress plugin before 2.7.27 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:658 | 回复:0
  • CVE-2022-2239
    CVE-2022-2239
    The Request a Quote WordPress plugin through 2.3.7 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:935 | 回复:0
  • CVE-2022-2240
    CVE-2022-2240
    The Request a Quote WordPress plugin through 2.3.7 does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection o ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:664 | 回复:0
  • CVE-2022-2299
    CVE-2022-2299
    The Allow SVG Files WordPress plugin through 1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:1102 | 回复:0
  • CVE-2022-2340
    CVE-2022-2340
    The W-DALIL WordPress plugin through 2.0 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the u ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:930 | 回复:0
  • CVE-2022-2341
    CVE-2022-2341
    The Simple Page Transition WordPress plugin through 1.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:928 | 回复:0
  • CVE-2020-28422
    CVE-2020-28422
    All versions of package git-archive are vulnerable to Command Injection via the exports function.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:608 | 回复:0
  • CVE-2020-28435
    CVE-2020-28435
    This affects all versions of package ffmpeg-sdk. The injection point is located in line 9 in index.js.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:645 | 回复:0
  • CVE-2020-28436
    CVE-2020-28436
    This affects all versions of package google-cloudstorage-commands.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:586 | 回复:0
  • CVE-2020-28438
    CVE-2020-28438
    This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:788 | 回复:0
  • CVE-2020-28441
    CVE-2020-28441
    This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This c ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:712 | 回复:0
  • CVE-2020-28443
    CVE-2020-28443
    This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:908 | 回复:0
  • CVE-2020-28445
    CVE-2020-28445
    This affects all versions of package npm-help. The injection point is located in line 13 in index.js file in export.latestVersion() function.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:1366 | 回复:0
  • CVE-2020-28446
    CVE-2020-28446
    The package ntesseract before 0.2.9 are vulnerable to Command Injection via lib/tesseract.js.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:562 | 回复:0
  • CVE-2020-28447
    CVE-2020-28447
    This affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath)……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:646 | 回复:0
  • CVE-2020-28455
    CVE-2020-28455
    This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:729 | 回复:0
  • CVE-2020-28459
    CVE-2020-28459
    This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the link.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:602 | 回复:0
  • CVE-2020-28461
    CVE-2020-28461
    This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:672 | 回复:0
  • CVE-2020-28462
    CVE-2020-28462
    This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:948 | 回复:0
  • CVE-2020-28471
    CVE-2020-28471
    This affects the package properties-reader before 2.2.0.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:677 | 回复:0
  • CVE-2020-7649
    CVE-2020-7649
    This affects the package snyk-broker before 4.73.0. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:642 | 回复:0
  • CVE-2020-7677
    CVE-2020-7677
    This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sani ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:797 | 回复:0
  • CVE-2020-7678
    CVE-2020-7678
    This affects all versions of package node-import. The params argument of module function can be controlled by users without any sanitization.b. This is then provided to the “eval” function located i ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:603 | 回复:0
  • CVE-2021-23373
    CVE-2021-23373
    All versions of package set-deep-prop are vulnerable to Prototype Pollution via the main functionality.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:591 | 回复:0
  • CVE-2021-23397
    CVE-2021-23397
    All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main (merge) function. Maintainer suggests using @generates/merger instead.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:859 | 回复:0
  • CVE-2021-23451
    CVE-2021-23451
    The package otp-generator before 3.0.0 are vulnerable to Insecure Randomness due to insecure generation of random one-time passwords, which may allow a brute-force attack.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:632 | 回复:0
  • CVE-2022-0670
    CVE-2022-0670
    A flaw was found in Openstack manilla owning a Ceph File system share, which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the volumes p ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:616 | 回复:0
  • CVE-2022-1232
    CVE-2022-1232
    Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:611 | 回复:0
  • CVE-2022-1305
    CVE-2022-1305
    Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:602 | 回复:0
  • CVE-2022-1306
    CVE-2022-1306
    Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:633 | 回复:0
  • CVE-2022-1307
    CVE-2022-1307
    Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:612 | 回复:0
  • CVE-2022-1308
    CVE-2022-1308
    Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:649 | 回复:0
  • CVE-2022-1309
    CVE-2022-1309
    Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:759 | 回复:0
  • CVE-2022-1310
    CVE-2022-1310
    Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:18 | 阅读:774 | 回复:0
  • CVE-2022-2193
    CVE-2022-2193
    Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:17 | 阅读:1225 | 回复:0
  • CVE-2022-35405
    CVE-2022-35405
    Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:17 | 阅读:1125 | 回复:0
  • CVE-2022-27544
    CVE-2022-27544
    BigFix Web Reports authorized users may see SMTP credentials in clear text.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:17 | 阅读:706 | 回复:0
  • CVE-2022-27545
    CVE-2022-27545
    BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page.……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:17 | 阅读:650 | 回复:0
  • CVE-2022-27579
    CVE-2022-27579
    A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi Soft Designer in all versions up to and including 1.9.4 SP1 allows an attacker to craft malicious proje ...……
    作者:菜鸟教程小白 | 时间:2022-7-29 17:17 | 阅读:802 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

热门推荐
专题导读
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap