🕴 An Emerging Threat: Attacking 5G Via Network Slices 🕴
via "Dark Reading".
A successful attack against 5G networks could disrupt critical infrastructure, manipulate sensor data, or even cause physical harm to humans.
🕴 Now Is the Time to Plan for Post-Quantum Cryptography 🕴
via "Dark Reading".
Panelists from an RSA Conference keynote agreed that organizations need to begin work on PQC migration, if they haven't already.
‼ CVE-2022-24065 ‼
via "National Vulnerability Database".
The package cookiecutter before 2.1.1 is vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be used to perform a command injection.
‼ CVE-2020-36543 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in SialWeb CMS. This affects an unknown part of the file /about.php. The manipulation of the argument Id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
‼ CVE-2022-1690 ‼
via "National Vulnerability Database".
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection.
‼ CVE-2022-1673 ‼
via "National Vulnerability Database".
The WooCommerce Green Wallet Gateway WordPress plugin before 1.0.2 does not escape the error_envision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting vulnerability.
‼ CVE-2022-1647 ‼
via "National Vulnerability Database".
The FormCraft WordPress plugin before 1.2.6 does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
‼ CVE-2022-1598 ‼
via "National Vulnerability Database".
The WPQA Builder WordPress plugin before 5.4, which is a companion to the Discy and Himer, lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site.
‼ CVE-2022-0788 ‼
via "National Vulnerability Database".
The WP Fundraising Donation and Crowdfunding Platform WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via one of its REST routes, leading to an SQL injection exploitable by unauthenticated users.
‼ CVE-2022-1569 ‼
via "National Vulnerability Database".
The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed.
‼ CVE-2022-1597 ‼
via "National Vulnerability Database".
The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer, does not sanitise and escape a parameter on its reset password form, which makes it possible to perform Reflected Cross-Site Scripting attacks.
‼ CVE-2022-0779 ‼
via "National Vulnerability Database".
The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads.
‼ CVE-2022-1541 ‼
via "National Vulnerability Database".
The Video Slider WordPress plugin before 1.4.8 does not sanitize or escape some of its video settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
‼ CVE-2022-1684 ‼
via "National Vulnerability Database".
The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users such as admin.
‼ CVE-2022-1688 ‼
via "National Vulnerability Database".
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statements via the admin dashboard, leading to SQL Injections.
‼ CVE-2022-1709 ‼
via "National Vulnerability Database".
The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF checks in place when deleting comments (either all, spam, or pending), allowing attackers to make a logged-in admin delete comments via a CSRF attack.
‼ CVE-2022-1241 ‼
via "National Vulnerability Database".
The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues.
‼ CVE-2022-1005 ‼
via "National Vulnerability Database".
The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters.
‼ CVE-2017-20017 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in The Next Generation of Genealogy Sitebuilding up to 11.1.0. This issue affects some unknown processing of the file /timeline2.php. The manipulation of the argument primaryID leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.1.1 addresses this issue. It is recommended to upgrade the affected component.
‼ CVE-2022-1695 ‼
via "National Vulnerability Database".
The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged-in user into manipulating ads and injecting arbitrary JavaScript by submitting a form.
‼ CVE-2022-1394 ‼
via "National Vulnerability Database".
The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed.