โผ CVE-2021-24612 โผ
๐ Read
via "National Vulnerability Database".
The Sociable WordPress plugin through 4.3.4.1 does not sanitise or escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24760 โผ
๐ Read
via "National Vulnerability Database".
The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 does not sanitise and escape its block, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-41991 โผ
๐ Read
via "National Vulnerability Database".
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24734 โผ
๐ Read
via "National Vulnerability Database".
The Compact WP Audio Player WordPress plugin before 1.9.7 does not escape some of its shortcodes attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-42576 โผ
๐ Read
via "National Vulnerability Database".
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-3755 โผ
๐ Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24736 โผ
๐ Read
via "National Vulnerability Database".
The Easy Download Manager and File Sharing Plugin with frontend file upload รยขรขโยฌรขโฌล a better Media Library รยขรขโยฌรขโฌ๏ฟฝ Shared Files WordPress plugin before 1.6.57 does not sanitise and escape some of its settings before outputting them in attributes, which could lead to Stored Cross-Site Scripting issues.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24675 โผ
๐ Read
via "National Vulnerability Database".
The One User Avatar WordPress plugin before 2.3.7 does not check for CSRF when updating the Avatar in page where the [avatar_upload] shortcode is embed. As a result, attackers could make logged in user change their avatar via a CSRF attack๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24413 โผ
๐ Read
via "National Vulnerability Database".
The Easy Twitter Feed WordPress plugin before 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24677 โผ
๐ Read
via "National Vulnerability Database".
The Find My Blocks WordPress plugin before 3.4.0 does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts' titles.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24735 โผ
๐ Read
via "National Vulnerability Database".
The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a CSRF attack.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24516 โผ
๐ Read
via "National Vulnerability Database".
The PlanSo Forms WordPress plugin through 2.6.3 does not escape the title of its Form before outputting it in attributes, allowing high privilege users such as admin to set XSS payload in it, even when the unfiltered_html is disallowed, leading to an Authenticated Stored Cross-Site Scripting issue.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24622 โผ
๐ Read
via "National Vulnerability Database".
The Customer Service Software & Support Ticket System WordPress plugin before 5.10.4 does not sanitize or escape form fields before outputting it in the List, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-41971 โผ
๐ Read
via "National Vulnerability Database".
Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL.๐ Read
via "National Vulnerability Database".
๐ข US links $5.2 billion in Bitcoin transactions to ransomware ๐ข
๐ Read
via "ITPro".
A new report from the Treasury ties the cryptocurrency to ransomware payments over a ten year period๐ Read
via "ITPro".
IT PRO
US links $5.2 billion in Bitcoin transactions to ransomware | IT PRO
A new report from the Treasury ties the cryptocurrency to ransomware payments over a ten year period
๐ข Acer Taiwan falls victim to cyber attack ๐ข
๐ Read
via "ITPro".
Hackers obtained employee data three days after they breached Acer India servers๐ Read
via "ITPro".
IT PRO
Acer Taiwan falls victim to cyber attack | IT PRO
Hackers obtained employee data three days after they breached Acer India servers
๐ข The rise of cloud misconfiguration threats and how to avoid them ๐ข
๐ Read
via "ITPro".
Businesses must adopt new tools and practices to combat one of the leading causes of security breaches๐ Read
via "ITPro".
IT PRO
The rise of cloud misconfiguration threats and how to avoid them | IT PRO
Businesses must adopt new tools and practices to combat one of the leading causes of security breaches
๐ข Marsh McLennan reveals its cyber risk analytics center ๐ข
๐ Read
via "ITPro".
The center combines the expertise of Marsh, Guy Carpenter, Mercer, and Oliver Wyman๐ Read
via "ITPro".
IT PRO
Marsh McLennan reveals its cyber risk analytics center | IT PRO
The center combines the expertise of Marsh, Guy Carpenter, Mercer, and Oliver Wyman
๐ฆฟ Is your organization safe from a cybersecurity attack? ๐ฆฟ
๐ Read
via "Tech Republic".
How is your company preventing the terror of a potential cybersecurity breach? Take this quick, multiple choice survey and tell us about it.๐ Read
via "Tech Republic".
TechRepublic
Is your organization safe from a cybersecurity attack?
How is your company preventing the terror of a potential cybersecurity breach? Take this quick, multiple choice survey and tell us about it.
โ TikTok Serves Up Fresh Gamer Targets via Fake Among Us, Steam Offerings โ
๐ Read
via "Threat Post".
The tween-friendly video app is being used to serve up malvertising, disguised as free Steam game accounts or Among Us game hacks.๐ Read
via "Threat Post".
Threat Post
TikTok Serves Up Fresh Gamer Targets via Fake Among Us, Steam Offerings
The tween-friendly video app is being used to serve up malvertising, disguised as free Steam game accounts or Among Us game hacks.
โผ CVE-2021-36513 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6, may allow attackers to view sensitive information due to an uninitialized value.๐ Read
via "National Vulnerability Database".