Security
Headlines
HeadlinesLatestCVEs

Tag

#webkit

CVE-2022-28026: bug_report/SQLi-3.md at main · k0xx11/bug_report

Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=student_p&id=.

CVE
Open in Source
#sql#vulnerability#web#windows#apple#php#chrome#webkit
CVE-2022-28021: bug_report/RCE-1.md at main · k0xx11/bug_report

Purchase Order Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /purchase_order/admin/?page=user.

CVE-2022-1186: Changeset 2701343 for be-popia-compliant – WordPress Plugin Repository

The WordPress plugin Be POPIA Compliant exposed sensitive information to unauthenticated users consisting of site visitors emails and usernames via an API route, in versions up to an including 1.1.5.

CVE-2022-1186: Changeset 2701343 for be-popia-compliant – WordPress Plugin Repository

The WordPress plugin Be POPIA Compliant exposed sensitive information to unauthenticated users consisting of site visitors emails and usernames via an API route, in versions up to an including 1.1.5.

CVE-2022-22665: About the security content of macOS Monterey 12.3

A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.

CVE-2022-22633: About the security content of macOS Big Sur 11.6.5

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.

CVE-2022-22589: About the security content of Safari 15.3

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript.

CVE-2022-22620: About the security content of macOS Monterey 12.2.1

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

CVE-2022-0441: Changeset 2667195 – WordPress Plugin Repository

The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin

CVE-2022-25148: WordPress Plugin WP Statistics <= 13.1.5 - Multiple Unauthenticated SQL Injection vulnerabilities

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.