βΌ CVE-2022-28892 βΌ
π Read
via "National Vulnerability Database".
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1514 βΌ
π Read
via "National Vulnerability Database".
Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22441 βΌ
π Read
via "National Vulnerability Database".
IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. IBM X-Force ID: 224426.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29413 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress via &title parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29410 βΌ
π Read
via "National Vulnerability Database".
Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids).π Read
via "National Vulnerability Database".
βΌ CVE-2021-38952 βΌ
π Read
via "National Vulnerability Database".
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211408.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27860 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge's Footer Text plugin <= 2.0.3 on WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29585 βΌ
π Read
via "National Vulnerability Database".
In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (rather than only being shown for the institution that the viewer is a member of).π Read
via "National Vulnerability Database".
βΌ CVE-2022-22427 βΌ
π Read
via "National Vulnerability Database".
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223720.π Read
via "National Vulnerability Database".
π΄ Microsoft: Russia Using Cyberattacks in Coordination With Military Invasion of Ukraine π΄
π Read
via "Dark Reading".
Six Russian state-backed threat actors have lunched 237 cyberattacks on Ukraine's infrastructure, new research from MIcrosoft shows.π Read
via "Dark Reading".
Dark Reading
Microsoft: Russia Using Cyberattacks in Coordination With Military Invasion of Ukraine
Six Russian state-backed threat actors have lunched 237 cyberattacks on Ukraine's infrastructure, new research from MIcrosoft shows.
π The Most Exploited Vulnerabilities of 2021 π
π Read
via "".
U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities say these vulnerabilities were targeted the most by hackers last year.π Read
via "".
Digital Guardian
The Most Exploited Vulnerabilities of 2021
U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities say these vulnerabilities were targeted the most by hackers last year.
π΄ Capital One Ventures, Snowflake Ventures, Verizon Ventures, and Wipro Ventures Join Securonix $1B+ Growth Investment as Strategic Investors π΄
π Read
via "Dark Reading".
Blue Chip Companies Deepen Commitment Based on Success of Long-Standing Customer and Partner Relationships and Conviction of Securonixβs Vision and Hypergrowth Potentialπ Read
via "Dark Reading".
π΄ IT Teams Worry Staff Lack Cloud-Specific Skills π΄
π Read
via "Dark Reading".
Security, cost, and reliability top the list of concerns IT teams have about their cloud operations, according to a recent report.π Read
via "Dark Reading".
Dark Reading
IT Teams Worry Staff Lack Cloud-Specific Skills
Security, cost, and reliability top the list of concerns IT teams have about their cloud operations, according to a recent report.
π΄ Microsoft Patches Pair of Dangerous Vulnerabilities in Azure PostgreSQL π΄
π Read
via "Dark Reading".
Flaws gave attackers a way to access other cloud accounts and databases, security vendor says.π Read
via "Dark Reading".
Dark Reading
Microsoft Patches Pair of Dangerous Vulnerabilities in Azure PostgreSQL
Flaws gave attackers a way to access other cloud accounts and databases, security vendor says.
βΌ CVE-2022-29555 βΌ
π Read
via "National Vulnerability Database".
The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29081 βΌ
π Read
via "National Vulnerability Database".
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24449 βΌ
π Read
via "National Vulnerability Database".
Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28477 βΌ
π Read
via "National Vulnerability Database".
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS).π Read
via "National Vulnerability Database".
βΌ CVE-2022-28454 βΌ
π Read
via "National Vulnerability Database".
Limbas 4.3.36.1319 is vulnerable to Cross Site Scripting (XSS).π Read
via "National Vulnerability Database".
βΌ CVE-2022-24898 βΌ
π Read
via "National Vulnerability Database".
org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. Starting in version 2.7 and prior to versions 12.10.10, 13.4.4, and 13.8-rc-1, it is possible for a script to access any file accessing to the user running XWiki application server with XML External Entity Injection through the XML script service. The problem has been patched in versions 12.10.10, 13.4.4, and 13.8-rc-1. There is no easy workaround for fixing this vulnerability other than upgrading and being careful when giving Script rights.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28060 βΌ
π Read
via "National Vulnerability Database".
SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php.π Read
via "National Vulnerability Database".