A use-after-free issue exists in Chrome 100 and earlier versions. A malicious extension can achieve arbitrary code execution in the browser process.
>> ARCHIVE: 2022-05
This Metasploit module exploits CVE-2022-30525, an unauthenticated remote command injection vulnerability affecting Zyxel firewalls with zero touch provisioning (ZTP) support. By sending a malicious setWanPortSt command containing an mtu field…
Showdoc 2.10.3 – Stored Cross-Site Scripting (XSS)
SolarView Compact 6.0 – OS Command Injection
T-Soft E-Commerce 4 – SQLi (Authenticated)
SDT-CW3B1 1.1.0 – OS Command Injection
T-Soft E-Commerce 4 – ‘UrunAdi’ Stored Cross-Site Scripting (XSS)
Survey Sparrow Enterprise Survey Software 2022 – Stored Cross-Site Scripting (XSS)
Multiple Konica Minolta bizhub MFP printer terminals are affected by a sandbox escape with root access and by clear-text password vulnerabilities.