โผ CVE-2021-4164 โผ
๐ Read
via "National Vulnerability Database".
calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)๐ Read
via "National Vulnerability Database".
โผ CVE-2021-24838 โผ
๐ Read
via "National Vulnerability Database".
The AnyComment WordPress plugin through 0.2.17 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-25036 โผ
๐ Read
via "National Vulnerability Database".
The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue, which was discovered during an internal audit by the Jetpack Scan team, and may grant bad actors access to protected REST API endpoints they shouldnรยขรขโยฌรขโยขt have access to. This could ultimately enable users with low-privileged accounts, like subscribers, to perform remote code execution on affected sites.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-0240 โผ
๐ Read
via "National Vulnerability Database".
mruby is vulnerable to NULL Pointer Dereference๐ Read
via "National Vulnerability Database".
โผ CVE-2021-25037 โผ
๐ Read
via "National Vulnerability Database".
The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected siteรขโฌโขs database (e.g., usernames and hashed passwords).๐ Read
via "National Vulnerability Database".
โผ CVE-2021-25046 โผ
๐ Read
via "National Vulnerability Database".
The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed any logged-in user, even a subscriber user, may add a category whose parameters are incorrectly escaped in the admin panel, leading to stored XSS.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-3862 โผ
๐ Read
via "National Vulnerability Database".
icecoder is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')๐ Read
via "National Vulnerability Database".
โผ CVE-2021-25067 โผ
๐ Read
via "National Vulnerability Database".
The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-builder-add on the ulpb_post admin page.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-25065 โผ
๐ Read
via "National Vulnerability Database".
The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-0256 โผ
๐ Read
via "National Vulnerability Database".
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')๐ Read
via "National Vulnerability Database".
โผ CVE-2022-0257 โผ
๐ Read
via "National Vulnerability Database".
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')๐ Read
via "National Vulnerability Database".
โผ CVE-2022-0258 โผ
๐ Read
via "National Vulnerability Database".
pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command๐ Read
via "National Vulnerability Database".
๐๏ธ Celebrations over REvil ransomware arrests in Russia may be premature ๐๏ธ
๐ Read
via "The Daily Swig".
โItโs not clear whether the developers or lower-level criminals were arrestedโ, threat intel experts tell The Daily Swig๐ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Celebrations over REvil ransomware arrests in Russia may be premature
โItโs not clear whether the developers or lower-level criminals were arrestedโ, security experts tell The Daily Swig
โผ CVE-2021-38965 โผ
๐ Read
via "National Vulnerability Database".
IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 212346.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-33040 โผ
๐ Read
via "National Vulnerability Database".
managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows XSS.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-22703 โผ
๐ Read
via "National Vulnerability Database".
In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-0245 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/livehelperchat prior to 2.0.๐ Read
via "National Vulnerability Database".
โผ CVE-2021-44757 โผ
๐ Read
via "National Vulnerability Database".
Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server.๐ Read
via "National Vulnerability Database".
๐๏ธ Researchers discover โextremely easyโ 2FA bypass in Box cloud management software ๐๏ธ
๐ Read
via "The Daily Swig".
Breaking the Box๐ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Researchers discover โextremely easyโ 2FA bypass in Box cloud management software
Breaking the Box
โ Organizations Face a โLosing Battleโ Against Vulnerabilities โ
๐ Read
via "Threat Post".
Companies must take more โinnovative and proactiveโ approaches to security in 2022 to combat threats that emerged last year, researchers said.๐ Read
via "Threat Post".
Threat Post
Organizations Face a โLosing Battleโ Against Vulnerabilities
Companies must take more โinnovative and proactiveโ approaches to security in 2022 to combat threats that emerged last year, researchers said.
๐ด 5 Reasons Why M&A Is the Engine Driving Cybersecurity ๐ด
๐ Read
via "Dark Reading".
Consistent acquisition of key technologies and talent is a proven strategy for growth.๐ Read
via "Dark Reading".
Dark Reading
5 Reasons Why M&A Is the Engine Driving Cybersecurity
Consistent acquisition of key technologies and talent is a proven strategy for growth.