‼ CVE-2021-24513 ‼
📖 Read
via "National Vulnerability Database".
The Form Builder | Create Responsive Contact Forms WordPress plugin before 1.9.8.4 does not sanitise or escape its Form Title, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfiltered_html capability is disallowed📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24390 ‼
📖 Read
via "National Vulnerability Database".
A proid GET parameter of the WordPressæâ€�¯ä»˜å®?Alipay|财付通Tenpay|è´?å®?PayPal集æˆ?æ?ՊȦ WordPress plugin through 3.7.2 is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited by quotes, leading to SQL injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24392 ‼
📖 Read
via "National Vulnerability Database".
An id GET parameter of the WordPress Membership SwiftCloud.io WordPress plugin through 1.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24393 ‼
📖 Read
via "National Vulnerability Database".
A c GET parameter of the Comment Highlighter WordPress plugin through 0.13 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24391 ‼
📖 Read
via "National Vulnerability Database".
An editid GET parameter of the Cashtomer WordPress plugin through 1.0.0 is not properly sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24601 ‼
📖 Read
via "National Vulnerability Database".
The WPFront Notification Bar WordPress plugin before 2.1.0.08087 does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24611 ‼
📖 Read
via "National Vulnerability Database".
The Keyword Meta WordPress plugin through 3.0 does not sanitise of escape its settings before outputting them back in the page after they are saved, allowing for Cross-Site Scripting issues. Furthermore, it is also lacking any CSRF check, allowing attacker to make a logged in high privilege user save arbitrary setting via a CSRF attack.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24517 ‼
📖 Read
via "National Vulnerability Database".
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2021.18 does not escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payloads in them even when the unfiltered_html capability is disallowed📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24568 ‼
📖 Read
via "National Vulnerability Database".
The AddToAny Share Buttons WordPress plugin before 1.7.46 does not sanitise its Sharing Header setting when outputting it in frontend pages, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24435 ‼
📖 Read
via "National Vulnerability Database".
The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues📖 Read
via "National Vulnerability Database".
🦿 Cybersecurity: Watch out for these unique fraudster tricks Loki would be proud of 🦿
📖 Read
via "Tech Republic".
Online fraud is getting sneakier and stealthier as mischievous operatives evolve their techniques. Learn some of the unique tricks afoot today and how to spot them.📖 Read
via "Tech Republic".
TechRepublic
Cybersecurity: Watch out for these unique fraudster tricks Loki would be proud of
Online fraud is getting sneakier and stealthier as mischievous operatives evolve their techniques. Learn some of the unique tricks afoot today and how to spot them.
‼ CVE-2021-25735 ‼
📖 Read
via "National Vulnerability Database".
A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3768 ‼
📖 Read
via "National Vulnerability Database".
bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32568 ‼
📖 Read
via "National Vulnerability Database".
mrdoc is vulnerable to Deserialization of Untrusted Data📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3770 ‼
📖 Read
via "National Vulnerability Database".
vim is vulnerable to Heap-based Buffer Overflow📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3766 ‼
📖 Read
via "National Vulnerability Database".
objection.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25737 ‼
📖 Read
via "National Vulnerability Database".
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36744 ‼
📖 Read
via "National Vulnerability Database".
Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3767 ‼
📖 Read
via "National Vulnerability Database".
bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')📖 Read
via "National Vulnerability Database".
❌ IoT Attacks Skyrocket, Doubling in 6 Months ❌
📖 Read
via "Threat Post".
The first half of 2021 saw 1.5 billion attacks on smart devices, with attackers looking to steal data, mine cryptocurrency or build botnets.📖 Read
via "Threat Post".
Threat Post
IoT Attacks Skyrocket, Doubling in 6 Months
The first half of 2021 saw 1.5 billion attacks on smart devices, with attackers looking to steal data, mine cryptocurrency or build botnets.
⚠ Poisoned proxy PACs! The NPM package with a network-wide security hole… ⚠
📖 Read
via "Naked Security".
3,000,000 downloads a week... if only they'd read the fastitidous manual!📖 Read
via "Naked Security".
Naked Security
Poisoned proxy PACs! The NPM package with a network-wide security hole…
3,000,000 downloads a week… if only they’d read the fastidious manual!