トピトピニュース

Category: CRITICAL (187 Posts)

Featured

  • Posted by GitHub: [github.com/crewjam/saml] crewjam/saml vulnerable to signature bypass via multiple Assertion elements due to improper authentication
  • Posted by GitHub: [org.jeecgframework.boot:jeecg-boot-common] Jeecg-boot vulnerable to SQL Injection
  • Posted by GitHub: [electron] Heap buffer overflow in GPU
  • Posted by GitHub: [wger] wger vulnerable to brute force attempts

[topthink/framework] ThinkPHP deserialization vulnerability

  • Posted in CRITICAL
  • Posted by GitHub
  • Posted on 09/16/2022, updated 09/17/2022

ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. This vulnerability allows attackers to execute arbitrary code via a crafted payload.
References

https://nvd.nist.go…

[steal] steal vulnerable to Prototype Pollution via key variable in babel.js

  • Posted in CRITICAL
  • Posted by GitHub
  • Posted on 09/16/2022, updated 09/22/2022

Prototype pollution vulnerability in the function extend in babel.js in stealjs steal, via the key variable.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-37266
https://github.com/stealjs/steal/issues/1535
https://github.com/stealjs/stea…

[steal] steal vulnerable to Prototype Pollution via requestedVersion variable

  • Posted in CRITICAL
  • Posted by GitHub
  • Posted on 09/16/2022, updated 09/23/2022

Prototype pollution vulnerability in the function convertLater in npm-convert.js in stealjs steal, via the requestedVersion variable.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-37257
https://github.com/stealjs/steal/iss…

[steal] steal vulnerable to Prototype Pollution via optionName variable

  • Posted in CRITICAL
  • Posted by GitHub
  • Posted on 09/16/2022, updated 09/22/2022

Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-37264
https://github.com/stealjs/steal/issues/1533
https://github.com/stealjs/steal/blob/c9dd1eb19ed3…

[org.apache.calcite:calcite-core] Apache Calcite before 1.32.0 vulnerable to potential XML External Entity (XXE) attack

  • Posted in CRITICAL
  • Posted by GitHub
  • Posted on 09/12/2022, updated 09/17/2022

In Apache Calcite prior to version 1.32.0 the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, which makes them vulnerable to a potential XML External Entity …

[pdfkit] PDFKit vulnerable to Command Injection

  • Posted in CRITICAL
  • Posted by GitHub
  • Posted on 09/10/2022, updated 11/15/2022

The package pdfkit is vulnerable to Command Injection because the URL is not properly sanitized.
Note: This issue was patched in 0.8.7.2, but the patch was discovered to be ineffective. The updated patch version is 0.8.7.2.
References

https://nvd.nist.go…

[rankmath/seo-by-rank-math] Rank Math SEO plugin vulnerable to Server-Side Request Forgery

  • Posted in CRITICAL
  • Posted by GitHub
  • Posted on 09/10/2022, updated 09/16/2022

Server-Side Request Forgery (SSRF) vulnerability in the Rank Math SEO plugin <= 1.0.95 for WordPress.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-36376
https://rankmath.com/changelog/
https://patchstack.com/database/vulnerability/seo-by-rank-ma…

[com.google.cloud.tools:jib-core] com.google.cloud.tools:jib-core vulnerable to Remote Code Execution (RCE)

  • Posted in CRITICAL
  • Posted by GitHub
  • Posted on 09/09/2022, updated 09/15/2022

The package com.google.cloud.tools:jib-core before 0.22.0 is vulnerable to Remote Code Execution (RCE) via the isDockerInstalled function, due to attempting to execute input.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-25914
https://github.c…

[feehi/cms] FeehiCMS has an arbitrary file upload vulnerability

  • Posted in CRITICAL
  • Posted by GitHub
  • Posted on 09/07/2022, updated 09/16/2022

There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8.1 in the head image upload, which allows attackers to execute relevant PHP code.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-21516
https://github.com/liufee/cms/issues/46
https:…

[org.gluu:oxauth-common] Gluu Oxauth before v4.4.1 vulnerable to Server-Side Request Forgery attacks via a crafted request_uri parameter

  • Posted in CRITICAL
  • Posted by GitHub
  • Posted on 09/07/2022, updated 09/17/2022

Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-36663
https://github.com/GluuFederation/oxAuth/releases/ta…
