‼ CVE-2019-14128 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-14140 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16651 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-14143 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24846 ‼
📖 Read
via "National Vulnerability Database".
The get_query() function of the Ni WooCommerce Custom Order Status WordPress plugin before 1.9.7, used by the niwoocos_ajax AJAX action, available to all authenticated users, does not properly sanitise the sort parameter before using it in a SQL statement, leading to an SQL injection, exploitable by any authenticated users, such as subscriber📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24981 ‼
📖 Read
via "National Vulnerability Database".
The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45450 ‼
📖 Read
via "National Vulnerability Database".
In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24956 ‼
📖 Read
via "National Vulnerability Database".
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24738 ‼
📖 Read
via "National Vulnerability Database".
The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24907 ‼
📖 Read
via "National Vulnerability Database".
The Contact Form, Drag and Drop Form Builder for WordPress plugin before 1.8.0 does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24941 ‼
📖 Read
via "National Vulnerability Database".
The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.0.5 does not sanitise and escape the message_id parameter of the get_message_action_row AJAX action before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45451 ‼
📖 Read
via "National Vulnerability Database".
In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24750 ‼
📖 Read
via "National Vulnerability Database".
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24578 ‼
📖 Read
via "National Vulnerability Database".
The SportsPress WordPress plugin before 2.7.9 does not sanitise and escape its match_day parameter before outputting back in the Events backend page, leading to a Reflected Cross-Site Scripting issue📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24739 ‼
📖 Read
via "National Vulnerability Database".
The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature📖 Read
via "National Vulnerability Database".
‼ CVE-2021-24849 ‼
📖 Read
via "National Vulnerability Database".
The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections📖 Read
via "National Vulnerability Database".
🕴 How is Zero Trust Evolving to be More Continuous in Verifying Trust? 🕴
📖 Read
via "Dark Reading".
For zero trust to be successful, organizations need to be able to check user identity, device posture, and overall behavior without adding friction to the experience.📖 Read
via "Dark Reading".
Dark Reading
How Is Zero Trust Evolving to Be More Continuous in Verifying Trust?
For zero trust to be successful, organizations need to be able to check user identity, device posture, and overall behavior without adding friction to the experience.
‼ CVE-2021-45255 ‼
📖 Read
via "National Vulnerability Database".
The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45253 ‼
📖 Read
via "National Vulnerability Database".
The id parameter in view_storage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45252 ‼
📖 Read
via "National Vulnerability Database".
Multiple SQL injection vulnerabilities are found on Simple Forum-Discussion System 1.0 For example on three applications which are manage_topic.php, manage_user.php, and ajax.php. The attacker can be retrieving all information from the database of this system by using this vulnerability.📖 Read
via "National Vulnerability Database".
🗓️ Ubisoft confirms Just Dance video game data breach 🗓️
📖 Read
via "The Daily Swig".
Developer said no accounts had been improperly accessed📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Ubisoft confirms Just Dance video game data breach
Developer said no accounts had been improperly accessed