CVE-2022-1626

The Sharebar WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also lead to Stored Cross-Site Scripting issue due to the lack of sanitisation and escaping in some of them

Publication date: Mon, 11 Jul 2022 18:15:00 +0000

Cyber News related to CVE-2022-1626

CVE-2022-1626 - The Sharebar WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also lead to Stored Cross-Site Scripting issue due to ...
2 years ago

CVE-2023-1626 - A vulnerability was found in Jianming Antivirus 16.2.2022.418. It has been declared as critical. This vulnerability affects unknown code in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. ...
1 year ago

CVE-2015-0056 - Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than ...
6 years ago

CVE-2015-1623 - Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than ...
6 years ago

CVE-2015-1626 - Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than ...
6 years ago

CVE-2010-1626 - MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247. ...
5 years ago

CVE-2008-1626 - SQL injection vulnerability in eggBlog before 4.0.1 allows remote attackers to execute arbitrary SQL commands via an unspecified cookie. NOTE: this might overlap CVE-2008-0159. ...
7 years ago

CVE-2006-1192 - Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated ...
3 years ago

CVE-2006-1626 - Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a ...
3 years ago

CVE-2005-1626 - Multiple buffer overflows in handlers.c for Pico Server (pServ) before 3.3 may allow attackers to execute arbitrary code. ...
16 years ago

CVE-2002-1626 - Directory traversal vulnerability in Mike Spice My Calendar before 1.5 allows remote attackers to write arbitrary files via .. (dot dot) sequences in a URL. ...
7 years ago

CVE-2004-1626 - Buffer overflow in Ability Server 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long STOR command. ...
7 years ago

CVE-2007-0838 - FreeProxy before 3.92 Build 1626 allows malicious users to cause a denial of service (infinite loop) via a HOST: header with a hostname and port number that refers to the server itself. <a ...
7 years ago

CVE-2012-1626 - SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to execute arbitrary SQL commands via unspecified ...
7 years ago

CVE-2014-1626 - XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read arbitrary files via a crafted XML file. ...
7 years ago

CVE-2009-1626 - SQL injection vulnerability in public/specific.php in EZ-Blog before Beta 2 20090427, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category parameter. ...
7 years ago

CVE-2007-1626 - PHP remote file inclusion vulnerability in iframe.php in the iFrame Module for PHP-NUKE allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. ...
7 years ago

CVE-2016-1626 - The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a denial of service (out-of-bounds read) via a ...
1 year ago

CVE-2018-1626 - IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be ...
5 years ago

CVE-2019-1626 - A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. The vulnerability is due to a failure to properly authorize ...
4 years ago

CVE-2021-1626 - MuleSoft is aware of a Remote Code Execution vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Versions affected: Mule 4.1.x and 4.2.x runtime released before February 2, ...
3 years ago

CVE-2020-1626 - A vulnerability in Juniper Networks Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a pfemand process crash. The pfemand process is responsible for ...
3 years ago

CVE-2019-10929 - A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < ...
2 years ago

CVE-2020-8013 - A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it ...
2 years ago

CVE-2023-37195 - A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). Affected devices insufficiently control continuous ...
1 year ago

Latest Cyber News

CVE-2024-12895 - 8 hours ago
CVE-2024-12894 - 10 hours ago
CVE-2024-12893 - 14 hours ago
CVE-2024-12892 - 14 hours ago
CVE-2024-12891 - 15 hours ago
CVE-2024-12890 - 16 hours ago
CVE-2024-11852 - 20 hours ago
CVE-2024-12884 - 1 day ago
CVE-2024-51463 - 1 day ago
CVE-2024-51464 - 1 day ago
CVE-2024-12883 - 1 day ago
CVE-2024-12875 - 1 day ago
CVE-2024-12591 - 1 day ago
CVE-2024-12408 - 1 day ago
CVE-2024-12558 - 1 day ago
CVE-2024-11722 - 1 day ago
CVE-2024-11688 - 1 day ago
CVE-2024-10453 - 1 day ago
CVE-2024-11808 - 1 day ago
CVE-2024-12588 - 1 day ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2024-11852 - 20 hours ago
CVE-2024-12890 - 16 hours ago
CVE-2024-12891 - 15 hours ago
CVE-2024-12892 - 14 hours ago
CVE-2024-12893 - 14 hours ago
CVE-2024-12894 - 10 hours ago
CVE-2024-12895 - 8 hours ago
CVE-2024-12841 - 2 days ago
CVE-2024-37758 - 2 days ago
CVE-2024-55342 - 2 days ago
CVE-2024-12842 - 2 days ago
CVE-2024-12867 - 2 days ago
CVE-2024-55341 - 2 days ago
CVE-2024-56329 - 2 days ago
CVE-2024-56330 - 2 days ago
CVE-2024-56331 - 2 days ago
CVE-2024-56333 - 2 days ago
CVE-2024-12843 - 2 days ago
CVE-2024-12844 - 2 days ago
CVE-2024-40875 - 2 days ago