National Vulnerability Database - RSS Feed

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

Latest articles

CVE-2017-20089 (gwolle_guestbook)

A vulnerability was found in Gwolle Guestbook Plugin 1.7.4. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to basic cross site scripting. The attack may be initiated remotely.

CVE-2017-20091 (library_file_manager)

A vulnerability was found in File Manager Plugin 3.0.1. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely.

CVE-2017-20090 (global_content_blocks)

A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely.

CVE-2022-33127 (diffy)

The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a Windows environment. This allows attackers to execute arbitrary commands via a crafted string.

CVE-2022-33105 (redis)

Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID.

CVE-2022-31787 (ideatms)

IdeaTMS 2022 is vulnerable to SQL injection via the PATH_INFO.

CVE-2021-26636 (maxboard)

Stored XSS and SQL injection vulnerabilities in MaxBoard could lead to remote code execution, which could lead to information exposure and privilege escalation.

CVE-2021-40956 (laiketui)

LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained.

CVE-2017-20087 (alpine-photo-tile-for-instagram)

A vulnerability, which was classified as problematic, has been found in Alpine PhotoTile for Instagram Plugin 1.2.7.7. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely.

CVE-2022-2068 (debian_linux, openssl)

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names...
