‼ CVE-2022-26268 ‼
Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php.
via "National Vulnerability Database".
‼ CVE-2021-26599 ‼
ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection.
via "National Vulnerability Database".
‼ CVE-2022-24303 ‼
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
via "National Vulnerability Database".
‼ CVE-2021-26600 ‼
ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==).
via "National Vulnerability Database".
‼ CVE-2021-44617 ‼
A SQL Injection vulnerability exists in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated.
via "National Vulnerability Database".
‼ CVE-2022-26259 ‼
A buffer overflow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allows attackers to cause a Denial of Service (DoS) via a crafted RSTP request.
via "National Vulnerability Database".
‼ CVE-2022-26255 ‼
Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column.
via "National Vulnerability Database".
‼ CVE-2021-44213 ‼
OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message.
via "National Vulnerability Database".
‼ CVE-2022-26258 ‼
D-Link DIR-820L 1.05B03 was discovered to contain a remote command execution (RCE) vulnerability via the Device Name parameter in /lan.asp.
via "National Vulnerability Database".
‼ CVE-2021-45490 ‼
The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation.
via "National Vulnerability Database".
‼ CVE-2021-44211 ‼
OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature.
via "National Vulnerability Database".
‼ CVE-2021-26601 ‼
ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal.
via "National Vulnerability Database".
‼ CVE-2021-44210 ‼
OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data.
via "National Vulnerability Database".
‼ CVE-2021-44209 ‼
OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO.
via "National Vulnerability Database".
‼ CVE-2021-44212 ‼
OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring.
via "National Vulnerability Database".
‼ CVE-2022-27950 ‼
In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition.
via "National Vulnerability Database".
⚠ UK police arrest 7 hacking suspects – have they bust the LAPSUS$ gang? ⚠
Seven alleged hackers have been arrested in the UK. But who are they, and which hacking crew are they from?
via "Naked Security".
🗓️ FCC adds Kaspersky products to list of national security threats as Russian invasion of Ukraine continues 🗓️
Russian antivirus vendor cited in expanded guidance.
via "The Daily Swig".
🕴 Security's Life Cycle Isn't the Developers' Life Cycle 🕴
Whether it's PCI-DSS, SSDLC, or GDPR, the criteria that security standards expect businesses to uphold are neither realistic nor feasible.
via "Dark Reading".
⚠ Google Chrome patches mysterious new zero-day bug – update now ⚠
CVE-2022-1096 - another mystery in-the-wild 0-day in Chrome... check your version now!
via "Naked Security".
‼ CVE-2022-23884 ‼
Mojang Bedrock Dedicated Server 1.18.2 is affected by an integer overflow leading to a bound check bypass caused by PurchaseReceiptPacket::_read (packet deserializer).
via "National Vulnerability Database".