Zepp version 6.1.4-play suffers from a user account enumeration flaw in the password reset function.
>> CATEGORY: exploit
This Metasploit module exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The vulnerability was introduced by Debian and Ubuntu Redis packages that insufficiently sanitized the Lua environment. The maintainers failed to…
This Metasploit module exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The vulnerability was introduced by Debian and Ubuntu Redis packages that insufficiently sanitized the Lua environment. The maintainers failed to…
WordPress WP-Invoice plugin version 4.3.1 suffers from a persistent cross site scripting vulnerability.
Gitlab versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.7 prior to 14.7.7 suffer from a bypass vulnerability due to having set a hardcoded password for accounts registered…
Gitlab versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.7 prior to 14.7.7 suffer from a persistent cross site scripting vulnerability.
WordPress Coru LFMember plugin version 1.0.2 suffers from a persistent cross site scripting vulnerability.
WordPress Coru LFMember plugin version 1.0.2 suffers from a persistent cross site scripting vulnerability.
Joomla Sexy Polling extension versions 2.1.7 and below suffer from a remote SQL injection vulnerability.
WordPress ScrollReveal.js Effects plugin version 1.1.1 suffers from a persistent cross site scripting vulnerability.