βΌ CVE-2021-3985 βΌ
π Read
via "National Vulnerability Database".
kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')π Read
via "National Vulnerability Database".
βΌ CVE-2021-3994 βΌ
π Read
via "National Vulnerability Database".
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')π Read
via "National Vulnerability Database".
βΌ CVE-2021-3993 βΌ
π Read
via "National Vulnerability Database".
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)π Read
via "National Vulnerability Database".
βΌ CVE-2021-32592 βΌ
π Read
via "National Vulnerability Database".
An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack attack on affected devices via a malicious OpenSSL engine library in the search path.π Read
via "National Vulnerability Database".
ποΈ Sixth member of notorious SIM-swapping cybercrime gang sentenced ποΈ
π Read
via "The Daily Swig".
US crime syndicate βThe Communityβ stole millions of dollarsβ worth of cryptocurrencyπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Sixth member of notorious SIM-swapping cybercrime gang sentenced
US crime syndicate βThe Communityβ stole millions of dollarsβ worth of cryptocurrency
β Clearview AI face-matching service set to be fined over $20m β
π Read
via "Naked Security".
Scraping data for a facial recognition service? "That's unlawful", concluded both the British and the Australians.π Read
via "Naked Security".
Naked Security
Clearview AI face-matching service set to be fined over $20m
Scraping data for a facial recognition service? βThatβs unlawfulβ, concluded both the British and the Australians.
π΄ The Cyber Threats Facing Retailers This Holiday Shopping Season π΄
π Read
via "Dark Reading".
With supply chain delays and an online shopping boom, attacks will come from multiple angles.π Read
via "Dark Reading".
Dark Reading
The Cyber Threats Facing Retailers This Holiday Shopping Season
With supply chain delays and an online shopping boom, attacks will come from multiple angles.
βΌ CVE-2021-43690 βΌ
π Read
via "National Vulnerability Database".
YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerability in src/Client.php. The exit function will terminate the script and print a message which have values from the socket_read.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44280 βΌ
π Read
via "National Vulnerability Database".
attendance management system 1.0 is affected by a SQL injection vulnerability in admin/incFunctions.php through the makeSafe function.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25967 βΌ
π Read
via "National Vulnerability Database".
In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of usersΓ’β¬β’ profile picture. This allows low privileged application users to store malicious scripts in their profile picture. These scripts are executed in a victimΓ’β¬β’s browser when they open the malicious profile pictureπ Read
via "National Vulnerability Database".
βΌ CVE-2021-44279 βΌ
π Read
via "National Vulnerability Database".
Librenms 21.11.0 is affected by is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44277 βΌ
π Read
via "National Vulnerability Database".
Librenms 21.11.0 is affected by is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/common/alert-log.inc.php.π Read
via "National Vulnerability Database".
ποΈ βOver-permissiveβ authentication checks left 190 Australian organizations vulnerable to business email compromise attacks ποΈ
π Read
via "The Daily Swig".
Mail servers readily hijacked due to MSP oversightπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
βOver-permissiveβ authentication checks left 190 Australian organizations vulnerable to business email compromise attacks
Mail servers readily hijacked due to MSP oversight
π΄ CyCognito Secures $100M to Accelerate Next Evolution of Attack Surface Management π΄
π Read
via "Dark Reading".
Company gives Fortune 500 companies including Colgate-Palmolive, Tesco and Scientific Games Corporation full visibility and context into risk to preempt potential attacks.π Read
via "Dark Reading".
Dark Reading
CyCognito Secures $100M to Accelerate Next Evolution of Attack Surface Management
Company gives Fortune 500 companies including Colgate-Palmolive, Tesco and Scientific Games Corporation full visibility and context into risk to preempt potential attacks.
β Stealthy βWIRTEβ Gang Targets Middle Eastern Governments β
π Read
via "Threat Post".
Kaspersky researchers suspect that the cyberattackers may be a subgroup of the politically motivated, Palestine-focused Gaza Cybergang.π Read
via "Threat Post".
Threat Post
Stealthy βWIRTEβ Gang Targets Middle Eastern Governments
Kaspersky researchers suspect that the cyberattackers may be a subgroup of the politically motivated, Palestine-focused Gaza Cybergang.
βΌ CVE-2021-43689 βΌ
π Read
via "National Vulnerability Database".
manage (last update Oct 24, 2017) is affected by is affected by a Cross Site Scripting (XSS) vulnerability in Application/Home/Controller/GoodsController.class.php. The exit function will terminate the script and print a message which have values from $_POST.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43685 βΌ
π Read
via "National Vulnerability Database".
libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44480 βΌ
π Read
via "National Vulnerability Database".
Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number and password) to listen to a device's surroundings via a callback in an SMS command, as demonstrated by the 123456 and 523681 default passwords.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44479 βΌ
π Read
via "National Vulnerability Database".
NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40154 βΌ
π Read
via "National Vulnerability Database".
NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory.π Read
via "National Vulnerability Database".
βΌ CVE-2020-10627 βΌ
π Read
via "National Vulnerability Database".
Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.π Read
via "National Vulnerability Database".