CVE-2021-36844
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop WP Subscribe plugin <= 1.2.12 on WordPress.
via "National Vulnerability Database".
CVE-2021-41810
Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable.
via "National Vulnerability Database".
CVE-2022-29444
Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration, which includes the ability to change any of the plugin's settings, including the CDN setting, which could be further used for an XSS attack.
via "National Vulnerability Database".
Russia to Rent Tech-Savvy Prisoners to Corporate IT?
Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: forcing tech-savvy people within the nation's prison population to perform low-cost IT work for domestic companies.
via "Krebs on Security".
CVE-2021-42530
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
via "National Vulnerability Database".
CVE-2021-4138
Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname.
via "National Vulnerability Database".
CVE-2022-24974
Links may not be rewritten according to policy in some specially formatted emails.
via "National Vulnerability Database".
CVE-2021-42528
XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
via "National Vulnerability Database".
CVE-2020-23618
A reflected cross site scripting (XSS) vulnerability in Xtend Voice Logger 1.0 allows attackers to execute arbitrary web scripts or HTML, via the path of the error page.
via "National Vulnerability Database".
CVE-2022-23722
When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user's password.
via "National Vulnerability Database".
CVE-2020-23617
A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via a SCRIPT element.
via "National Vulnerability Database".
CVE-2021-42531
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
via "National Vulnerability Database".
CVE-2020-23620
The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object.
via "National Vulnerability Database".
CVE-2021-42529
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
via "National Vulnerability Database".
CVE-2022-23723
An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow.
via "National Vulnerability Database".
CVE-2022-24897
APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations on the filesystem. Writing an attacking script in Velocity requires the Script rights in XWiki, so not all users can use it, and it also requires finding an XWiki API which returns a File. The problem has been patched in versions 12.6.7, 12.10.3, and 13.0. There is no easy workaround for fixing this vulnerability other than upgrading and being careful when giving Script rights.
via "National Vulnerability Database".
CVE-2021-42532
XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.
via "National Vulnerability Database".
CVE-2020-23621
The Java Remote Management Interface of all versions of SVI MS Management System was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object.
via "National Vulnerability Database".
CVE-2022-21949
An Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privileges on OBS. This issue affects: SUSE Open Build Service versions prior to 2.10.13.
via "National Vulnerability Database".
CVE-2022-23063
Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in will still have access to the application even after the password was changed.
via "National Vulnerability Database".
CVE-2022-1214
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository axios/axios prior to 0.26.
via "National Vulnerability Database".