🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-28219

Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.

📖 Read

via "National Vulnerability Database".
197 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-28651

In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields

📖 Read

via "National Vulnerability Database".
185 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-24811

Combodi iTop is a web based IT Service Management tool. Prior to versions 2.7.6 and 3.0.0, cross-site scripting is possible for scripts outside of script tags when displaying HTML attachments. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.

📖 Read

via "National Vulnerability Database".
182 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-28648

In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered

📖 Read

via "National Vulnerability Database".
184 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-1244

heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.

📖 Read

via "National Vulnerability Database".
195 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-25373

Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history.

📖 Read

via "National Vulnerability Database".
205 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-24780

Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execute arbitrary code on the server using http server user privileges. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.

📖 Read

via "National Vulnerability Database".
224 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-28650

In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI

📖 Read

via "National Vulnerability Database".
238 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-28649

In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description

📖 Read

via "National Vulnerability Database".
260 views
🛡 Cybersecurity & Privacy 🛡 - News
🔏 New U.S. Cybersecurity Bureau Hopes to Help Shape Policy 🔏

The newly formed Bureau of Cyberspace and Digital Policy aims to address the challenges of cyberspace with policy based on emerging technology.

📖 Read

via "".
Digital Guardian
New U.S. Cybersecurity Bureau Hopes to Help Shape Policy
The newly formed Bureau of Cyberspace and Digital Policy aims to address the challenges of cyberspace with policy based on emerging technology.
298 views
🛡 Cybersecurity & Privacy 🛡 - News
🕴 'Human Behavior' Security Startup Nets $7M in Seed 🕴

Nudge Security plans a general launch of its cloud-based service later this year.

📖 Read

via "Dark Reading".
Dark Reading
'Human Behavior' Security Startup Nets $7M in Seed
Nudge Security plans a general launch of its cloud-based service later this year.
243 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-24475

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.

📖 Read

via "National Vulnerability Database".
230 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-23974

In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially crafted request can potentially be exploited to cause disruption in pinot service. Pinot release 0.10.0 fixes this. See https://docs.pinot.apache.org/basics/releases/0.10.0

📖 Read

via "National Vulnerability Database".
195 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-24523

Microsoft Edge (Chromium-based) Spoofing Vulnerability.

📖 Read

via "National Vulnerability Database".
211 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-27123

Employee Performance Evaluation v1.0 was discovered to contain a SQL injection vulnerability via the email parameter.

📖 Read

via "National Vulnerability Database".
176 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-27304

Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via the user parameter.

📖 Read

via "National Vulnerability Database".
165 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-26900

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.

📖 Read

via "National Vulnerability Database".
167 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-26894

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.

📖 Read

via "National Vulnerability Database".
164 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-26628

Matrimony v1.0 was discovered to contain a SQL injection vulnerability via the Password parameter.

📖 Read

via "National Vulnerability Database".
165 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-28115

Online Sports Complex Booking v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.

📖 Read

via "National Vulnerability Database".
166 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-28467

Online Student Admission v1.0 was discovered to contain a SQL injection vulnerability via the txtapplicationID parameter.

📖 Read

via "National Vulnerability Database".
166 views