Peng@Shu)

#7896of 53,632
34.8Total CVSS
Vulnerabilities · 4
High
2
Critical
2
PT-2022-14896
7.5
2022-05-01
Unknown · Masuit.Tools.Core · CVE-2022-21167
**Name of the Vulnerable Software and Affected Versions** Masuit.Tools.Core versions all **Description** The issue concerns Arbitrary Code Execution via the ReceiveVarData<T> function in the SocketClient.cs component. This occurs because the socket client transmission lacks appropriate restrictions or type bindings for the BinaryFormatter, allowing a payload to be passed via user-controllable input after the connection is established. **Recommendations** For all versions, consider disabling the ReceiveVarData<T> function in the SocketClient.cs component as a temporary workaround until a patch is available. Restrict access to the SocketClient.cs component to minimize the risk of exploitation. Avoid using the BinaryFormatter without proper restrictions or type bindings in the affected component until the issue is resolved.
PT-2022-17197
7.7
2022-05-01
Unknown · Jsgui-Lang-Essentials · CVE-2022-25301
**Name of the Vulnerable Software and Affected Versions** jsgui-lang-essentials (affected versions not specified) **Description** The issue allows alteration of all Object attributes, including magical attributes such as `proto`, `constructor`, and `prototype`, leading to Prototype Pollution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-13409
9.8
2022-03-17
Unknown · Singoocms.Utility · CVE-2022-0749
**Name of the Vulnerable Software and Affected Versions** SinGooCMS.Utility (affected versions not specified) **Description** The issue concerns the socket client in the SinGooCMS.Utility package, which lacks appropriate restrictions or type bindings for the BinaryFormatter. This allows user-controllable input to pass in the payload after the socket client has been established. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2021-15467
9.8
2021-04-12
Swiper · Swiper · CVE-2021-23370
**Name of the Vulnerable Software and Affected Versions** swiper versions prior to 6.5.1 **Description** The issue affects the package swiper, making versions prior to 6.5.1 susceptible to prototype pollution. **Recommendations** For versions prior to 6.5.1, update to version 6.5.1 or later to resolve the issue.