ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE). This issue has been patched in version 1.9.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-44262
https://github.com/ff4j/ff4j/issues/624
https://github.com/advisories/GHSA-65hj-9ppw-77xc
Zenario CMS 9.3.57186 is vulnerable to RCE.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-44136
https://com0t.github.io/zenar.io/2022/10/18/Unauthent-RCE-Zenar.io~9.3.html
https://github.com/TribalSystems/Zenario/releases/tag/9.0.57473
https://…
Impact
The crewjam/saml go library is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements.
Patches
This issue has been corrected in version 0.4.9.
Credit
This issue was reported by Felix Wilhelm …
SQL Injection in GitHub repository owncast/owncast prior to 0.0.13.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-3751
https://github.com/owncast/owncast/commit/23b6e5868d5501726c27a3fabbecf49000968591
https://huntr.dev/bounties/a04cff99-5d53-4…
KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor’s pos…
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. The fix for this issue is available in version 1.13.1. There is a release checker in issue #89855.
References
https:…
In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-45908
https…
PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS) when a low privileged user, such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation.
References
ht…
Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
References
https://nvd.nist.gov/vuln/detai…
Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-2650
https://github.com/wger-project/wger/commit/5e3167e3a2dc95836fa2607fe201524c031a2c…
