βΌ CVE-2022-0551 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43659 βΌ
π Read
via "National Vulnerability Database".
In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0955 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/data-hub prior to 1.2.4.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1058 βΌ
π Read
via "National Vulnerability Database".
Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39491 βΌ
π Read
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box . .π Read
via "National Vulnerability Database".
βΌ CVE-2022-0550 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an authenticated attacker with admin or report manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0.π Read
via "National Vulnerability Database".
π΄ APIs & the Software Supply Chain β Evolving Security for Today's Digital Ecosystem π΄
π Read
via "Dark Reading".
Securing APIs requires both a "shift left" methodology and "shield right" action.π Read
via "Dark Reading".
Dark Reading
APIs & the Software Supply Chain β Evolving Security for Today's Digital Ecosystem
Securing APIs requires both a "shift left" methodology and "shield right" action.
β HubSpot Data Breach Ripples Through Crytocurrency Industry β
π Read
via "Threat Post".
~30 crypto companies were affected, including BlockFi, Swan Bitcoin and NYDIG, providing an uncomfortable reminder about how much data CRM systems snarf up.π Read
via "Threat Post".
Threat Post
HubSpot Data Breach Ripples Through Crytocurrency Industry
~30 crypto companies were affected, including BlockFi, Swan Bitcoin and NYDIG, providing an uncomfortable reminder about how much data CRM systems snarf up.
π΄ For MSPs, Next-Gen Email Security Is a Must π΄
π Read
via "Dark Reading".
Stay one step ahead of the constantly evolving cyber threats with the right MSP email security solution. Discover how to evaluate and select the best service and solutions for your clients.π Read
via "Dark Reading".
Dark Reading
For MSPs, Next-Gen Email Security Is a Must
Stay one step ahead of the constantly evolving cyberthreats with the right MSP email security solution. Discover how to evaluate and select the best service and solutions for your clients.
βΌ CVE-2022-21820 βΌ
π Read
via "National Vulnerability Database".
NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and limited impacts to both data confidentiality and integrity.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26629 βΌ
π Read
via "National Vulnerability Database".
An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen Security Feature function due to insufficient permissions and privileges, which allows a malicious attacker bypass the lock screen function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0153 βΌ
π Read
via "National Vulnerability Database".
SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25568 βΌ
π Read
via "National Vulnerability Database".
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.π Read
via "National Vulnerability Database".
π΄ How Casinos Can Prevent Loyalty Incentive and Account Takeover Fraud π΄
π Read
via "Dark Reading".
As casinos go digital, their loyalty programs and authentic accounts are at risk.π Read
via "Dark Reading".
Dark Reading
How Casinos Can Prevent Loyalty Incentive and Account Takeover Fraud
As casinos go digital, their loyalty programs and authentic accounts are at risk.
β Just-Released Dark Souls Game, Elden Ring, Includes Killer Bug β
π Read
via "Threat Post".
A patch fixes exploit hidden in Elden Ring that traps PC players in a βdeath loop.βπ Read
via "Threat Post".
Threat Post
Just-Released Dark Souls Game, Elden Ring, Includes Killer Bug
A patch fixes exploit hidden in Elden Ring that traps PC players in a βdeath loop.β
π Proposed Commission Would Seek to Modernize HIPAA π
π Read
via "".
As part of new legislation, a new commission would assess the current state of health data privacy and lay the groundwork for modernizing HIPAA.π Read
via "".
βΌ CVE-2021-43085 βΌ
π Read
via "National Vulnerability Database".
An Insecure Permissions vulnerability exists in the OpenSSL Project 3.0 due to an error in the implementation of the CMAC_Final() function.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43666 βΌ
π Read
via "National Vulnerability Database".
A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22374 βΌ
π Read
via "National Vulnerability Database".
The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may be subject to downgrade attack which may affect its ability to operate its host. IBM X-Force ID: 221442.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43084 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tableName parameter.π Read
via "National Vulnerability Database".
β Microsoft Azure Developers Awash in PII-Stealing npm Packages β
π Read
via "Threat Post".
A large-scale, automated typosquatting attack saw 200+ malicious packages flood the npm code repository, targeting popular Azure scopes.π Read
via "Threat Post".
Threat Post
Microsoft Azure Developers Awash in PII-Stealing npm Packages
A large-scale, automated typosquatting attack saw 200+ malicious packages flood the npm code repository, targeting popular Azure scopes.