MODERATE

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the get_file_transfer_type method.
References

https://nvd.nist.gov/vuln/…

An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-44244
https://gist.github.com/cai-niao98/58c97899695488bd73a73d56adf44c4c
https://github.co…

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2.
References

https://nvd.nist.gov/vuln/detail/CVE-2022…

A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS version 4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field.
Ref…

FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-43320
https://github.com/liufee/feehic…

A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS in version 4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field.
References

https://n…

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET, .NET Core and .NET Framework’s System.Data.SqlClient and Microsoft.Data.SqlClient NuGet Packages.
A vulnerability exists in System.Data.SqlClient and Mi…

Overview
During our internal security assessment, it was discovered that OpenFGA versions v0.2.4 and prior are vulnerable to authorization bypass under certain conditions.
Am I Affected?
You are affected by this vulnerability if you are using openfga/o…

The compression and decompression function used mem:uninitialized to create an array of uninitialized values, to later write values into it. This later leads to reads from uninitialized memory.
The flaw was corrected in commit b633bf265e41c60dfce3be7ea…

Code Injection in GitHub repository froxlor/froxlor prior to version 0.10.38.2. There are currently no known workarounds, please upgrade to version 0.10.38.2.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-3869
https://github.com/froxlor/froxlor…