CVE-2022-27816
SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service.
via "National Vulnerability Database".
CVE-2022-27432
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature, leading to account takeover.
via "National Vulnerability Database".
CVE-2022-27815
SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an information leak or denial of service.
via "National Vulnerability Database".
CVE-2022-1172
Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV.
via "National Vulnerability Database".
CVE-2022-23868
RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens an .xlsx log file.
via "National Vulnerability Database".
CVE-2022-1177
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.
via "National Vulnerability Database".
CVE-2022-25598
Apache DolphinScheduler user registration is vulnerable to Regular Expression Denial of Service (ReDoS) attacks. Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.
via "National Vulnerability Database".
CVE-2022-23869
In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request.
via "National Vulnerability Database".
CVE-2022-1178
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
via "National Vulnerability Database".
CVE-2022-1155
Old sessions are not blocked by the login enable function in GitHub repository snipe/snipe-it prior to 5.3.10.
via "National Vulnerability Database".
CVE-2022-1154
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
via "National Vulnerability Database".
CVE-2022-1181
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2.
via "National Vulnerability Database".
CVE-2022-24131
DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) through /admin/login.php in the background, which will lead to JavaScript code execution.
via "National Vulnerability Database".
CVE-2022-1180
Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
via "National Vulnerability Database".
CVE-2022-1179
Non-privileged user can create a new rule, leading to Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
via "National Vulnerability Database".
How Security Complexity Is Being Weaponized
As environments grow noisier, it becomes easier for attackers to intentionally create distractions.
via "Dark Reading".
"Dangerous" EU web authentication plan threatens to undercut browser-led certification system, detractors claim
Signatories to a letter criticizing EU scheme share their misgivings with The Daily Swig
via "The Daily Swig".
Zlib data compressor fixes 17-year-old security bug - patch, errrm, now
This code is venerable! Surely all the bugs must be out by now?
via "Naked Security".
SQL injection protections in ImpressCMS could be bypassed to achieve RCE
Features designed to protect against SQL injection could be abused and turned against the host application
via "The Daily Swig".
World Backup Day: 5 data recovery tips for everyone!
The only backup you will ever regret is the one you didn't make
via "Naked Security".
Cloud Security Architecture Needs to Be Strategic, Realistic, and Based on Risk
Info-Tech Research Group has released a new research blueprint to help organizations plan the components necessary to build a cloud security architecture.
via "Dark Reading".