• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    公众号

CVE漏洞

RSS
  • CVE-2021-46489
    CVE-2021-46489
    Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_DecrRefCount in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS).……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:64 | 回复:0
  • CVE-2021-46490
    CVE-2021-46490
    Jsish v3.5.0 was discovered to contain a SEGV vulnerability via NumberConstructor at src/jsiNumber.c. This vulnerability can lead to a Denial of Service (DoS).……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:88 | 回复:0
  • CVE-2021-46491
    CVE-2021-46491
    Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_CommandPkgOpts at src/jsiCmds.c. This vulnerability can lead to a Denial of Service (DoS).……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:08 | 阅读:73 | 回复:0
  • CVE-2022-21707
    CVE-2022-21707
    wasmCloud Host Runtime is a server process that securely hosts and provides dispatch for web assembly (WASM) actors and capability providers. In versions prior to 0.52.2 actors can bypass capability a ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:38 | 回复:0
  • CVE-2022-21708
    CVE-2022-21708
    graphql-go is a GraphQL server with a focus on ease of use. In versions prior to 1.3.0 there exists a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with s ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:34 | 回复:0
  • CVE-2022-23363
    CVE-2022-23363
    Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via index.php.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:46 | 回复:0
  • CVE-2022-23364
    CVE-2022-23364
    HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:44 | 回复:0
  • CVE-2022-23365
    CVE-2022-23365
    HMS v1.0 was discovered to contain a SQL injection vulnerability via doctorlogin.php.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:43 | 回复:0
  • CVE-2022-23366
    CVE-2022-23366
    HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:50 | 回复:0
  • CVE-2022-23807
    CVE-2022-23807
    An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication fo ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:35 | 回复:0
  • CVE-2022-23808
    CVE-2022-23808
    An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:37 | 回复:0
  • CVE-2021-4172
    CVE-2021-4172
    Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:44 | 回复:0
  • CVE-2021-4103
    CVE-2021-4103
    Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:41 | 回复:0
  • CVE-2022-23850
    CVE-2022-23850
    xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) through 2.02 allows a stack-based buffer overflow via a crafted EPUB document.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:38 | 回复:0
  • CVE-2021-45380
    CVE-2021-45380
    AppCMS 2.0.101 has a XSS injection vulnerability in \templates\m\inc_head.php……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:40 | 回复:0
  • CVE-2021-46024
    CVE-2021-46024
    Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the id parameter in cart_add.php, No login is required.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:65 | 回复:0
  • CVE-2021-26706
    CVE-2021-26706
    An issue was discovered in lib_mem.c in Micrium uC/OS uC/LIB 1.38.x and 1.39.00. The following memory allocation functions do not check for integer overflow when allocating a pool whose size exceeds t ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:58 | 回复:0
  • CVE-2021-30636
    CVE-2021-30636
    In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:54 | 回复:0
  • CVE-2021-39293
    CVE-2021-39293
    In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exis ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:48 | 回复:0
  • CVE-2022-23852
    CVE-2022-23852
    Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:50 | 回复:0
  • CVE-2022-23855
    CVE-2022-23855
    An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An authentication bypass in ECM/maintenance/forgotpasswordstep1 allows an unauthenticated user to reset passwords and logi ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:41 | 回复:0
  • CVE-2022-23856
    CVE-2022-23856
    An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An attacker can enumerate users by changing the id parameter, such as for the ECM/maintenance/forgotpasswordstep1 URI.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:36 | 回复:0
  • CVE-2022-23857
    CVE-2022-23857
    model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data f ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:35 | 回复:0
  • CVE-2022-23858
    CVE-2022-23858
    In StarWind Command Center before V2 build 6021, an authenticated read-only user can elevate privileges to administrator through the REST API.……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:44 | 回复:0
  • CVE-2021-24423
    CVE-2021-24423
    The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 does not sanitise its updraft_service settings, allowing high privilege users to set malicious JavaScript payload in it and leadi ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:42 | 回复:0
  • CVE-2021-24694
    CVE-2021-24694
    The Simple Download Monitor WordPress plugin before 3.9.11 could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attack via 1) color or css_class argument of sdm_d ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:41 | 回复:0
  • CVE-2021-24696
    CVE-2021-24696
    The Simple Download Monitor WordPress plugin before 3.9.9 does not enforce nonce checks, which could allow attackers to perform CSRF attacks to 1) make admins export logs to exploit a separate log dis ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:47 | 回复:0
  • CVE-2021-24733
    CVE-2021-24733
    The WP Post Page Clone WordPress plugin before 1.2 allows users with a role as low as Contributor to clone and view other users' draft and password-protected posts which they cannot view normally. ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:33 | 回复:0
  • CVE-2021-24858
    CVE-2021-24858
    The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin d ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:36 | 回复:0
  • CVE-2021-24865
    CVE-2021-24865
    The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 does not validate the order and orderby parameters before using them in a SQL statement, leading to a SQL Injection issue……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:44 | 回复:0
  • CVE-2021-24906
    CVE-2021-24906
    The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib/pwa-deactivate.php file, which could allow unauthenticated users to disable the plugin (and therefore the ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:39 | 回复:0
  • CVE-2021-24923
    CVE-2021-24923
    The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.25 does not escape the sib-statistics-date parameter before outputting it back in an attribute, lead ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:48 | 回复:0
  • CVE-2021-24936
    CVE-2021-24936
    The WP Extra File Types WordPress plugin before 0.5.1 does not have CSRF check when saving its settings, nor sanitise and escape some of them, which could allow attackers to make a logged in admin cha ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:63 | 回复:0
  • CVE-2021-24965
    CVE-2021-24965
    The Five Star Restaurant Reservations WordPress plugin before 2.4.8 does not have capability and CSRF checks in the rtb_welcome_set_schedule AJAX action, allowing any authenticated users to call it. D ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:65 | 回复:0
  • CVE-2021-24968
    CVE-2021-24968
    The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_page AJAX actions, available to any authenticated u ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:51 | 回复:0
  • CVE-2021-24974
    CVE-2021-24974
    The Product Feed PRO for WooCommerce WordPress plugin before 11.0.7 does not have authorisation and CSRF check in some of its AJAX actions, allowing any authenticated users to call then, which could l ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:58 | 回复:0
  • CVE-2021-24976
    CVE-2021-24976
    The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:50 | 回复:0
  • CVE-2021-24985
    CVE-2021-24985
    The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sanitise and escape the field_name and field_type parameters before outputting them back in attributes, leading to Reflected Cross-S ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:52 | 回复:0
  • CVE-2021-24989
    CVE-2021-24989
    The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have CSRF check in place and does not ensure that the post to be deleted belongs to the plugin, allowing attackers to make a log ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:47 | 回复:0
  • CVE-2021-25008
    CVE-2021-25008
    The Code Snippets WordPress plugin before 2.14.3 does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue……
    作者:菜鸟教程小白 | 时间:2022-2-5 13:07 | 阅读:52 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

热门推荐
专题导读
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap