‼ CVE-2022-22719 ‼
via "National Vulnerability Database".
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.
‼ CVE-2022-23943 ‼
via "National Vulnerability Database".
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.
“Cybersecurity incident” at Ubisoft disrupts operations, forces company-wide password reset
via "The Daily Swig".
Lapsu$ threat actors have been linked to the cyber-attack
Cybercrooks’ Political In-Fighting Threatens the West
via "Threat Post".
They’re choosing sides in the Russia-Ukraine war, beckoning previously shunned ransomware groups and thereby reinvigorating those groups' once-diminished power.
‼ CVE-2022-0941 ‼
via "National Vulnerability Database".
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.
‼ CVE-2022-24385 ‼
via "National Vulnerability Database".
A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
‼ CVE-2022-24387 ‼
via "National Vulnerability Database".
With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. This is possible in SmarterTrack v100.0.8019.14010.
‼ CVE-2022-24386 ‼
via "National Vulnerability Database".
Stored XSS in SmarterTools SmarterTrack. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
‼ CVE-2022-24384 ‼
via "National Vulnerability Database".
Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
Governments Should Decide Who Gets to Buy Spyware
via "Dark Reading".
And the world must face the fact that offensive cyber tools have evolved into weapons that are no different from tanks, drones, or missiles.
Data breach at US heart disease treatment center impacts 287,000 individuals
via "The Daily Swig".
South Denver Cardiology Associates admits hack
‼ CVE-2022-0700 ‼
via "National Vulnerability Database".
The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
‼ CVE-2022-0165 ‼
via "National Vulnerability Database".
The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users
‼ CVE-2022-0254 ‼
via "National Vulnerability Database".
The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection
‼ CVE-2022-0478 ‼
via "National Vulnerability Database".
The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the post_author_gutenberg parameter before using it in a SQL statement when creating/editing events, which could allow users with a role as low as contributor to perform SQL Injection attacks
‼ CVE-2021-25006 ‼
via "National Vulnerability Database".
The MOLIE WordPress plugin through 0.5 does not escape the course_id parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue
‼ CVE-2022-0147 ‼
via "National Vulnerability Database".
The Cookie Information | Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected Cross-Site Scripting issue
‼ CVE-2022-0701 ‼
via "National Vulnerability Database".
The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
‼ CVE-2022-0593 ‼
via "National Vulnerability Database".
The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing an unauthenticated user to remotely delete the plugin files leading to a potential Denial of Service situation.
‼ CVE-2022-0703 ‼
via "National Vulnerability Database".
The GD Mylist WordPress plugin through 1.1.1 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
‼ CVE-2022-0399 ‼
via "National Vulnerability Database".
The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action's response, leading to a Reflected Cross-Site Scripting