โผ CVE-2021-36877 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing plugin (versions <= 2.0.5) makes it possible for attackers to modify user roles.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24659 โผ
๐ Read
via "National Vulnerability Database".
The PostX รยขรขโยฌรขโฌล Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's block.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-39818 โผ
๐ Read
via "National Vulnerability Database".
Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24610 โผ
๐ Read
via "National Vulnerability Database".
The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trp_sanitize_string' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored Cross-Site Scripting issues.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-23445 โผ
๐ Read
via "National Vulnerability Database".
This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24660 โผ
๐ Read
via "National Vulnerability Database".
The PostX รยขรขโยฌรขโฌล Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's shortcode.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24661 โผ
๐ Read
via "National Vulnerability Database".
The PostX รยขรขโยฌรขโฌล Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-40712 โผ
๐ Read
via "National Vulnerability Database".
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper input validation vulnerability via the path parameter. An authenticated attacker can send a malformed POST request to achieve server-side denial of service.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-40702 โผ
๐ Read
via "National Vulnerability Database".
Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious psd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-40329 โผ
๐ Read
via "National Vulnerability Database".
The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-39827 โผ
๐ Read
via "National Vulnerability Database".
Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary file write vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to write an arbitrary file to the system. User interaction is required before product installation to abuse this vulnerability.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-36845 โผ
๐ Read
via "National Vulnerability Database".
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. Vulnerable parameters: 1 - "Newsletter" tab, &yith_maintenance_newsletter_submit_label parameter: payload should start with a single quote (') symbol to break the context, i.e.: NOTIFY ME' autofocus onfocus=alert(/Visse/);// v=' - this payload will be auto triggered while admin visits this page/tab. 2 - "General" tab issues, vulnerable parameters: &yith_maintenance_message, &yith_maintenance_custom_style, &yith_maintenance_mascotte, &yith_maintenance_title_font[size], &yith_maintenance_title_font[family], &yith_maintenance_title_font[color], &yith_maintenance_paragraph_font[size], &yith_maintenance_paragraph_font[family], &yith_maintenance_paragraph_font[color], &yith_maintenance_border_top. 3 - "Background" tab issues, vulnerable parameters: &yith_maintenance_background_image, &yith_maintenance_background_color. 4 - "Logo" tab issues, vulnerable parameters: &yith_maintenance_logo_image, &yith_maintenance_logo_tagline, &yith_maintenance_logo_tagline_font[size], &yith_maintenance_logo_tagline_font[family], &yith_maintenance_logo_tagline_font[color]. 5 - "Newsletter" tab issues, vulnerable parameters: &yith_maintenance_newsletter_email_font[size], &yith_maintenance_newsletter_email_font[family], &yith_maintenance_newsletter_email_font[color], &yith_maintenance_newsletter_submit_font[size], &yith_maintenance_newsletter_submit_font[family], &yith_maintenance_newsletter_submit_font[color], &yith_maintenance_newsletter_submit_background, &yith_maintenance_newsletter_submit_background_hover, &yith_maintenance_newsletter_title, &yith_maintenance_newsletter_action, &yith_maintenance_newsletter_email_label, &yith_maintenance_newsletter_email_name, &yith_maintenance_newsletter_submit_label, &yith_maintenance_newsletter_hidden_fields. 6 - "Socials" tab issues, vulnerable parameters: &yith_maintenance_socials_facebook, &yith_maintenance_socials_twitter, &yith_maintenance_socials_gplus, &yith_maintenance_socials_youtube, &yith_maintenance_socials_rss, &yith_maintenance_socials_skype, &yith_maintenance_socials_email, &yith_maintenance_socials_behance, &yith_maintenance_socials_dribble, &yith_maintenance_socials_flickr, &yith_maintenance_socials_instagram, &yith_maintenance_socials_pinterest, &yith_maintenance_socials_tumblr, &yith_maintenance_socials_linkedin.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-39823 โผ
๐ Read
via "National Vulnerability Database".
Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and earlier versions are affected by a heap buffer overflow vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-40701 โผ
๐ Read
via "National Vulnerability Database".
Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-39826 โผ
๐ Read
via "National Vulnerability Database".
Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary command execution vulnerability. An authenticated attacker could leverage this vulnerability to execute arbitrary commands. User interaction is required to abuse this vulnerability in that a user must open a maliciously crafted .epub file.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-39824 โผ
๐ Read
via "National Vulnerability Database".
Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious png file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.๐ Read
via "National Vulnerability Database".
โ Women, Minorities Are Hacked More Than Others โ
๐ Read
via "Threat Post".
Income level, education and being part of a disadvantaged population all contribute to cybercrime outcomes, a survey suggests.๐ Read
via "Threat Post".
Threat Post
Women, Minorities Are Hacked More Than Others
Income level, education and being part of a disadvantaged population all contribute to cybercrime outcomes, a survey suggests.
โผ CVE-2021-24632 โผ
๐ Read
via "National Vulnerability Database".
The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does not escape the message parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue๐ Read
via "National Vulnerability Database".
โผ CVE-2021-40713 โผ
๐ Read
via "National Vulnerability Database".
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper certificate validation vulnerability in the cold storage component. If an attacker can achieve a man in the middle when the cold server establishes a new certificate, they would be able to harvest sensitive information.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-41558 โผ
๐ Read
via "National Vulnerability Database".
The set_user extension module before 3.0.0 for PostgreSQL allows ProcessUtility_hook bypass via set_config.๐ Read
via "National Vulnerability Database".
๐ Ransomware Attacks on Agriculture Industry Increase ๐
๐ Read
via "".
Two attacks on farming co-ops in the midwest have corroborated a warning from the FBI that when it comes to ransomware attacks, the agricultural industry is on watch .๐ Read
via "".
Digital Guardian
Ransomware Attacks on Agriculture Industry Increase
Two attacks on farming co-ops in the midwest have corroborated a warning from the FBI that when it comes to ransomware attacks, the agricultural industry is on watch .