[bottle] Denial of service in bottle

Bottle before 0.12.20 mishandles errors during early request binding.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-31799
https://github.com/bottlepy/bottle/commit/a2b0ee6bb4ce88895429ec4aca856616244c4c4c
https://github.com/bottlepy/bottle/comm…

[net.mingsoft:ms-mcms] Code injection in MCMS

An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-30506
https://gitee.com/mingSoft/MCMS/issues/I56AID
ht…

[SSCMS] Cross site scripting in SSCMS

siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS).
References

https://nvd.nist.gov/vuln/detail/CVE-2022-30349
https://github.com/siteserver/cms/issues/3238
https://github.com/advisories/GHSA-4qf6-vpj8-p4r6

[flower] Authorization bypass in Flower

Flower, a web UI for the Celery Python RPC framework, is vulnerable to an OAuth authentication bypass in all versions as of 05-02-2022. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutt…