βΌ CVE-2021-44537 βΌ
π Read
via "National Vulnerability Database".
ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2021-33827 βΌ
π Read
via "National Vulnerability Database".
The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0235 βΌ
π Read
via "National Vulnerability Database".
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actorπ Read
via "National Vulnerability Database".
βΌ CVE-2021-4170 βΌ
π Read
via "National Vulnerability Database".
calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')π Read
via "National Vulnerability Database".
βΌ CVE-2022-23303 βΌ
π Read
via "National Vulnerability Database".
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23304 βΌ
π Read
via "National Vulnerability Database".
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3853 βΌ
π Read
via "National Vulnerability Database".
chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')π Read
via "National Vulnerability Database".
βΌ CVE-2021-3857 βΌ
π Read
via "National Vulnerability Database".
chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')π Read
via "National Vulnerability Database".
β Romance scammer who targeted 670 women gets 28 months in jail β
π Read
via "Naked Security".
Found love online? Sending them money? Friends and family warning you it could be a scam? Don't be too quick to dismiss their concerns...π Read
via "Naked Security".
Naked Security
Romance scammer who targeted 670 women gets 28 months in jail
Found love online? Sending them money? Friends and family warning you it could be a scam? Donβt be too quick to dismiss their concernsβ¦
β€1
π΄ Mastering the Art of Cloud Tagging Using Data Science π΄
π Read
via "Dark Reading".
Cloud tagging, the process of labeling cloud assets by certain attributes or operational values, can unlock behavioral insights to optimize and automate cyber asset management at scale.π Read
via "Dark Reading".
Dark Reading
Mastering the Art of Cloud Tagging Using Data Science
Cloud tagging, the process of labeling cloud assets by certain attributes or operational values, can unlock behavioral insights to optimize and automate cyber asset management at scale.
ποΈ White House tackles βunique security challengesβ faced by open source ecosystem during dedicated virtual summit ποΈ
π Read
via "The Daily Swig".
Silicon Valley giants joined government officials to thrash out remedies to software supply chain woesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
White House tackles βunique security challengesβ faced by open source ecosystem during dedicated virtual summit
Silicon Valley giants joined government officials to thrash out remedies to software supply chain woes
βΌ CVE-2021-25025 βΌ
π Read
via "National Vulnerability Database".
The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create eventsπ Read
via "National Vulnerability Database".
βΌ CVE-2021-25024 βΌ
π Read
via "National Vulnerability Database".
The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-SIte Scripting issuesπ Read
via "National Vulnerability Database".
βΌ CVE-2021-25061 βΌ
π Read
via "National Vulnerability Database".
The WP Booking System WordPress plugin before 2.0.15 was affected by a reflected xss in wp-booking-system on the wpbs-calendars admin page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0253 βΌ
π Read
via "National Vulnerability Database".
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')π Read
via "National Vulnerability Database".
βΌ CVE-2021-24909 βΌ
π Read
via "National Vulnerability Database".
The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not sanitise and escape the post parameter in the includes/acf_photo_gallery_metabox_edit.php file before outputing back in an attribute, leading to a Reflected Cross-Site Scripting issueπ Read
via "National Vulnerability Database".
βΌ CVE-2021-25005 βΌ
π Read
via "National Vulnerability Database".
The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and escape some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedπ Read
via "National Vulnerability Database".
βΌ CVE-2021-4164 βΌ
π Read
via "National Vulnerability Database".
calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)π Read
via "National Vulnerability Database".
βΌ CVE-2021-24838 βΌ
π Read
via "National Vulnerability Database".
The AnyComment WordPress plugin through 0.2.17 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25036 βΌ
π Read
via "National Vulnerability Database".
The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue, which was discovered during an internal audit by the Jetpack Scan team, and may grant bad actors access to protected REST API endpoints they shouldnΓΒ’Γ’β¬ÒβΒ’t have access to. This could ultimately enable users with low-privileged accounts, like subscribers, to perform remote code execution on affected sites.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0240 βΌ
π Read
via "National Vulnerability Database".
mruby is vulnerable to NULL Pointer Dereferenceπ Read
via "National Vulnerability Database".