🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-43101 ‼

A File Upload vulnerability exists in bbs 5.3 is via MembershipCardManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code.

📖 Read

via "National Vulnerability Database".

143 views00:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-26291 ‼

lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted Irz file.

📖 Read

via "National Vulnerability Database".

151 views00:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-26640 ‼

TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter.

📖 Read

via "National Vulnerability Database".

148 views00:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-26280 ‼

Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.

📖 Read

via "National Vulnerability Database".

157 views00:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-43103 ‼

A File Upload vulnerability exists in bbs 5.3 is via ForumManageAction.java in a GetType function, which lets a remote malicious user execute arbitrary code.

📖 Read

via "National Vulnerability Database".

166 views00:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-43097 ‼

A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction.javawhich could let a malicoius user execute arbitrary code.

📖 Read

via "National Vulnerability Database".

187 views00:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-26296 ‼

BOOM: The Berkeley Out-of-Order RISC-V Processor commit d77c2c3 was discovered to allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

📖 Read

via "National Vulnerability Database".

234 views00:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-26642 ‼

TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter.

📖 Read

via "National Vulnerability Database".

258 views00:40

🛡 Cybersecurity & Privacy 🛡 - News

🕴 Low-Code/No-Code Tools Are Popular, But Untrusted 🕴

While low-code and no-code tools make application development more flexible, they open up security flaws.

📖 Read

via "Dark Reading".

Dark Reading

Low-Code/No-Code Tools Are Popular but Untrusted

While low-code and no-code tools make application development more flexible, they open up security flaws.

285 views00:57

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-0331 ‼

An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older.

📖 Read

via "National Vulnerability Database".

260 views05:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-44581 ‼

An SQL Injection vulnerabilty exists in Kreado Kreasfero 1.5 via the id parameter.

📖 Read

via "National Vulnerability Database".

260 views05:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-26269 ‼

Suzuki Connect v1.0.15 allows attackers to tamper with displayed messages via spoofed CAN messages.

📖 Read

via "National Vulnerability Database".

256 views05:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-45866 ‼

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the couse filed in index.php.

📖 Read

via "National Vulnerability Database".

219 views05:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-23937 ‼

In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenario.

📖 Read

via "National Vulnerability Database".

216 views05:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-24956 ‼

An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based blind, time-based blind, and potentially stacked queries. The vulnerability allows a remote authenticated attacker to dump the underlying database.

📖 Read

via "National Vulnerability Database".

238 views05:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-25521 ‼

UNNO v03.11.00 was discovered to contain access control issue.

📖 Read

via "National Vulnerability Database".

266 views05:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-25420 ‼

NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CLRF injection. This vulnerability allows attackers to execute arbitrary code via a crafted HTTP request.

📖 Read

via "National Vulnerability Database".

313 views05:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-24957 ‼

DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will be attacked.

📖 Read

via "National Vulnerability Database".

362 views05:40

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-45865 ‼

A File Upload vulnerability exists in Sourcecodester Student Attendance Manageent System 1.0 via the file upload functionality.

📖 Read

via "National Vulnerability Database".

417 views05:41

🛡 Cybersecurity & Privacy 🛡 - News

🗓️ Ukrainian ISP used by military disrupted by ‘powerful’ cyber-attack 🗓️

Russia blamed after internet knocked offline for many across the country

📖 Read

via "The Daily Swig".

The Daily Swig | Cybersecurity news and views

Ukrainian ISP used by military disrupted by ‘powerful’ cyber-attack

Russia blamed after internet knocked offline for many across the country

427 views10:44

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-23059 ‼

A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions v2.0.2 through v2.17.0 via the â€œManage Imagesâ€� tab, which allows an attacker to upload a SVG file containing malicious JavaScript code.

📖 Read

via "National Vulnerability Database".

👍1

403 views12:41

About

Blog

Apps

Platform