An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin.
July 22, 2022
PrestaShop 1.6.0.10 through 1.7.x before 1.7.8.2 allows remote attackers to execute arbitrary code, aka a "previously unknown vulnerability chain" related to SQL injection, as exploited in the wild in ...
July 22, 2022
The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload.
July 22, 2022
The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code.
July 22, 2022
The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition.
July 22, 2022
The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information.
July 22, 2022
Under certain circumstances an unauthenticated user could access the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users.
July 22, 2022
The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to stored XSS via a crafted description to the PDF Templates overview page.
July 22, 2022