Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2022-28940: 0day/新华三magicR100存在DOS攻击漏洞分析.md at main · zhefox/0day

In H3C MagicR100 <=V100R005, the / Ajax / ajaxget interface can be accessed without authorization. It sends a large amount of data through ajaxmsg to carry out DOS attack.

CVE
#vulnerability#web#mac#windows#apple#microsoft#linux#rce#oauth#auth#chrome#webkit
Ukraine War Themed Files Become the Lure of Choice for a Wide Range of Hackers

A growing number of threat actors are using the ongoing Russo-Ukrainian war as a lure in various phishing and malware campaigns, even as critical infrastructure entities continue to be heavily targeted. "Government-backed actors from China, Iran, North Korea and Russia, as well as various unattributed groups, have used various Ukraine war-related themes in an effort to get targets to open

CVE-2022-27413: GitHub - HH1F/Hospital-Management-System-V1.0-SQLi

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php.

CVE-2022-27330: GitHub - CP04042K/Full-Ecommece-Website-Add_Product-Stored_XSS-POC

A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field.

CVE-2022-28599: A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS-1.5.1 · Issue #595 · daylightstudio/FUEL-CMS

A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack.

CVE-2022-27466: MCMS 5.2.7 SQLI · Issue #90 · ming-soft/MCMS

MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do.

CVE-2022-28572: CVEIDs/TendaAX18 at main · F0und-icu/CVEIDs

Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function

CVE-2022-28572: TempName/TendaAX18 at main · F0und-icu/TempName

Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function

CVE-2022-29969: ⚓ T307028 XSS in Extension:RSS when $wgRSSAllowLinkTag = true;

The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rss element (if the feed is in $wgRSSUrlWhitelist and $wgRSSAllowLinkTag is true).

CVE-2021-31673: Cyclos 4.14.7 - Dom-based Cross-Site Scripting (CVE-2021-31673)

A Dom-based Cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter.