CVE-2022-32169
The Bytebase application does not restrict low privilege user to access admin issues for which an unauthorized user can view the OPEN and CLOSED issues by Admin and the affected en ...
Continue Reading
September 28, 2022
CVE-2022-32170
The Bytebase application does not restrict low privilege user to access admin projects for which an unauthorized user can view the projects created by Admin and the affected endpoint i ...
Continue Reading
September 28, 2022
CVE-2022-39029
Smart eVision has inadequate authorization for the database query function. A remote attacker with general user privilege, who is not explicitly authorized to access the information, can access sensit ...
Continue Reading
September 27, 2022
CVE-2022-39035
Smart eVision has insufficient filtering for special characters in the POST Data parameter in the specific function. An unauthenticated remote attacker can inject JavaScript to perform XSS (Stored Cro ...
Continue Reading
September 27, 2022
CVE-2022-38699
Armoury Crate Services logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a ...
Continue Reading
September 27, 2022
CVE-2022-39031
Smart eVision has insufficient authorization for task acquisition function. An unauthorized remote attacker can exploit this vulnerability to acquire the Session IDs of other general users only.Read M ...
Continue Reading
September 27, 2022
CVE-2022-39054
Cowell enterprise travel management system has insufficient filtering for special characters within web URL. An unauthenticated remote attacker can inject JavaScript and perform XSS (Reflected Cross-S ...
Continue Reading
September 27, 2022
CVE-2022-39034
Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this ...
Continue Reading
September 27, 2022
CVE-2022-39034
Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this ...
Continue Reading
September 27, 2022
CVE-2022-36087
OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An a ...
Continue Reading
September 26, 2022
