βΌ CVE-2022-25020 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26332 βΌ
π Read
via "National Vulnerability Database".
Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24446 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44961 βΌ
π Read
via "National Vulnerability Database".
A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A Specially crafAn out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially crafted stl file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.ted stl files can exhaust available memory.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42767 βΌ
π Read
via "National Vulnerability Database".
A directory traversal vulnerability in the Apoc plugins in Neo4J Graph database 4.0.0 through 4.3.6 allows attackers to read local files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22262 βΌ
π Read
via "National Vulnerability Database".
ROG Live ServiceΓ’β¬β’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file path, to delete arbitrary system files and disrupt system service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0777 βΌ
π Read
via "National Vulnerability Database".
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35036 βΌ
π Read
via "National Vulnerability Database".
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0776 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4039 βΌ
π Read
via "National Vulnerability Database".
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device.π Read
via "National Vulnerability Database".
ποΈ Critical GitLab vulnerability could allow attackers to steal runner registration tokens ποΈ
π Read
via "The Daily Swig".
Flaw present in multiple versions of DevOps platform β update nowπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Critical GitLab vulnerability could allow attackers to steal runner registration tokens
Flaw present in multiple versions of DevOps platform β update now
π1
π΄ Beyond the Hype: AI's Future in Defensive Cybersecurity π΄
π Read
via "Dark Reading".
Hybridizing signatures with artificial intelligence is making a significant difference in our ability to detect cyberattacks, including ransomware.π Read
via "Dark Reading".
Dark Reading
Beyond the Hype: AI's Future in Defensive Cybersecurity
Hybridizing signatures with artificial intelligence is making a significant difference in our ability to detect cyberattacks, including ransomware.
ποΈ Private chat? Chrome Skype extension with 9m installs found to be leaking user info ποΈ
π Read
via "The Daily Swig".
Microsoft addresses issue at eleventh hour, as researcher publicly discloses βtrivialβ privacy bug in browser pluginπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Private chat? Chrome Skype extension with 9m installs found to be leaking user info
Microsoft addresses issue at eleventh hour, as researcher publicly discloses βtrivialβ privacy bug in browser plugin
βΌ CVE-2022-23380 βΌ
π Read
via "National Vulnerability Database".
There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&id=2&ctrl=edit.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23377 βΌ
π Read
via "National Vulnerability Database".
Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an attacker to retrieve local files.π Read
via "National Vulnerability Database".
ποΈ Toyota shuts down production after βcyber-attackβ on supplier ποΈ
π Read
via "The Daily Swig".
JITter in the supply chainπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Toyota shuts down production after βcyber-attackβ on supplier
JITter in the supply chain
π1
β Ukraine Hit with Novel βFoxBladeβ Trojan Hours Before Invasion β
π Read
via "Threat Post".
Microsoft detected cyberattacks launched against Ukraine hours before Russiaβs tanks and missiles began to pummel the country last week.π Read
via "Threat Post".
Threat Post
Ukraine Hit with Novel βFoxBladeβ Trojan Hours Before Invasion
Microsoft detected cyberattacks launched against Ukraine hours before Russiaβs tanks and missiles began to pummel the country last week.
β Instagram scammers as busy as ever: passwords and 2FA codes at risk β
π Read
via "Naked Security".
Instagram scams don't seem to be dying out - we're seeing more variety and trickiness than ever...π Read
via "Naked Security".
βΌ CVE-2021-44238 βΌ
π Read
via "National Vulnerability Database".
AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php,π Read
via "National Vulnerability Database".
βΌ CVE-2021-46387 βΌ
π Read
via "National Vulnerability Database".
ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking.π Read
via "National Vulnerability Database".
β Daxin Espionage Backdoor Ups the Ante on Chinese Malware β
π Read
via "Threat Post".
Via node-hopping, the espionage tool can reach computers that aren't even connected to the internet.π Read
via "Threat Post".
Threat Post
Daxin Espionage Backdoor Ups the Ante on Chinese Malware
Via node-hopping, the espionage tool can reach computers that aren't even connected to the internet.