‼ CVE-2021-4019 ‼
vim is vulnerable to Heap-based Buffer Overflow
via "National Vulnerability Database".
‼ CVE-2021-34599 ‼
Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certificate of the server to which the connection is made is not properly verified, the server connection is vulnerable to a man-in-the-middle attack.
via "National Vulnerability Database".
‼ CVE-2021-4018 ‼
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
via "National Vulnerability Database".
Widespread “Smishing” Campaign Defrauds Iranian Android Users
Attackers use socially engineered SMS messages and malware to compromise tens of thousands of devices and drain user bank accounts.
via "Threat Post".
‼ CVE-2021-4017 ‼
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
via "National Vulnerability Database".
‼ CVE-2021-3989 ‼
showdoc is vulnerable to URL Redirection to Untrusted Site
via "National Vulnerability Database".
‼ CVE-2021-3990 ‼
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
via "National Vulnerability Database".
‼ CVE-2021-3964 ‼
elgg is vulnerable to Authorization Bypass Through User-Controlled Key
via "National Vulnerability Database".
‼ CVE-2021-3983 ‼
kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
via "National Vulnerability Database".
‼ CVE-2021-3984 ‼
vim is vulnerable to Heap-based Buffer Overflow
via "National Vulnerability Database".
‼ CVE-2021-3992 ‼
kimai2 is vulnerable to Improper Access Control
via "National Vulnerability Database".
‼ CVE-2021-4015 ‼
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
via "National Vulnerability Database".
‼ CVE-2021-3985 ‼
kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
via "National Vulnerability Database".
‼ CVE-2021-3994 ‼
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
via "National Vulnerability Database".
‼ CVE-2021-3993 ‼
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
via "National Vulnerability Database".
‼ CVE-2021-32592 ‼
An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path.
via "National Vulnerability Database".
Sixth member of notorious SIM-swapping cybercrime gang sentenced
US crime syndicate “The Community” stole millions of dollars’ worth of cryptocurrency
via "The Daily Swig".
Clearview AI face-matching service set to be fined over $20m
Scraping data for a facial recognition service? "That's unlawful", concluded both the British and the Australians.
via "Naked Security".
The Cyber Threats Facing Retailers This Holiday Shopping Season
With supply chain delays and an online shopping boom, attacks will come from multiple angles.
via "Dark Reading".
‼ CVE-2021-43690 ‼
YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerability in src/Client.php. The exit function will terminate the script and print a message which has values from the socket_read.
via "National Vulnerability Database".
‼ CVE-2021-44280 ‼
attendance management system 1.0 is affected by a SQL injection vulnerability in admin/incFunctions.php through the makeSafe function.
via "National Vulnerability Database".