-
CVE-2022-26777
•
published on April 16, 2022
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details.
-
CVE-2022-26777
•
published on April 16, 2022
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license details.
-
CVE-2022-1380
•
published on April 16, 2022
Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie.
-
CVE-2022-1380
•
published on April 16, 2022
Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie.
-
CVE-2022-1380
•
published on April 16, 2022
Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie.
-
CVE-2022-1380
•
published on April 16, 2022
Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie.
-
CVE-2022-29287
•
published on April 15, 2022
Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights (default is Administrator) to export the user options of any user, even ones with higher privileges (like Global Administrators) than the current user. The exported XML contains every option of the exported user (even the hashed password).
-
CVE-2022-29287
•
published on April 15, 2022
Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights (default is Administrator) to export the user options of any user, even ones with higher privileges (like Global Administrators) than the current user. The exported XML contains every option of the exported user (even the hashed password).
-
CVE-2022-29287
•
published on April 15, 2022
Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights (default is Administrator) to export the user options of any user, even ones with higher privileges (like Global Administrators) than the current user. The exported XML contains every option of the exported user (even the hashed password).
-
CVE-2022-29287
•
published on April 15, 2022
Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights (default is Administrator) to export the user options of any user, even ones with higher privileges (like Global Administrators) than the current user. The exported XML contains every option of the exported user (even the hashed password).
-
CVE-2022-29020
•
published on April 15, 2022
ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar.
-
CVE-2022-29020
•
published on April 15, 2022
ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar.
-
CVE-2022-29020
•
published on April 15, 2022
ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar.
-
CVE-2022-29020
•
published on April 15, 2022
ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar.
-
CVE-2022-1365
•
published on April 15, 2022
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5.
-
CVE-2022-1365
•
published on April 15, 2022
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5.
-
CVE-2022-1365
•
published on April 15, 2022
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5.
-
CVE-2022-1365
•
published on April 15, 2022
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5.
-
CVE-2022-29281
•
published on April 15, 2022
Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an SMB relay attack, because the application resolves UNC paths).
-
CVE-2022-29281
•
published on April 15, 2022
Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an SMB relay attack, because the application resolves UNC paths).