βΌ CVE-2022-2368 βΌ
π Read
via "National Vulnerability Database".
Business Logic Errors in GitHub repository microweber/microweber prior to 1.2.20.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1794 βΌ
π Read
via "National Vulnerability Database".
The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30792 βΌ
π Read
via "National Vulnerability Database".
In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections. Existing connections are not affected.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29926 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation in Cybozu, Inc. showed that it was not a vulnerability. Notes: https://jvn.jp/en/jp/JVN14077132/π Read
via "National Vulnerability Database".
βΌ CVE-2022-2302 βΌ
π Read
via "National Vulnerability Database".
Multiple Lenze products of the cabinet series skip the password verification upon second login. After a user has been logged on to the device once, a remote attacker can get full access without knowledge of the password.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30791 βΌ
π Read
via "National Vulnerability Database".
In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections. Existing connections are not affected.π Read
via "National Vulnerability Database".
ποΈ βDirty dancingβ in OAuth: Researcher discloses how cyber-attacks can lead to account hijacking ποΈ
π Read
via "The Daily Swig".
Single-click account takeovers are made possible by taking advantage of quirks in OAuthπ Read
via "The Daily Swig".
β Apache βCommons Configurationβ patches Log4Shell-style bug β what you need to know β
π Read
via "Naked Security".
It's a bit like Log4J, but for configuration files, not for logging.π Read
via "Naked Security".
Naked Security
Apache βCommons Configurationβ patches Log4Shell-style bug β what you need to know
Itβs a bit like Log4J, but for configuration files, not for logging.
β That didnβt last! Microsoft turns off the Office security it just turned on β
π Read
via "Naked Security".
An Office anti-malware setting that took more than 20 years to arrive... and fewer than 20 weeks to vanish again.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Proposed SEC Rules Require More Transparency About Cyber-Risk π΄
π Read
via "Dark Reading".
The new guidelines would require public companies to file periodic disclosures about their cybersecurity practices and notify the SEC within 96 hours of a material breach.π Read
via "Dark Reading".
Dark Reading
Proposed SEC Rules Require More Transparency About Cyber-Risk
The new guidelines would require public companies to file periodic disclosures about their cybersecurity practices and notify the SEC within 96 hours of a material breach.
π΄ New Phishing Attacks Shame, Scare Victims into Surrendering Twitter, Discord Credentials π΄
π Read
via "Dark Reading".
Scams pressure victims to "resolve an issue that could impact their status, business."π Read
via "Dark Reading".
Dark Reading
New Phishing Attacks Shame, Scare Victims into Surrendering Twitter, Discord Credentials
Scams pressure victims to "resolve an issue that could impact their status, business."
π΄ Diversity in Cybersecurity: Fostering Gender-Inclusive Teams That Perform Better π΄
π Read
via "Dark Reading".
Proactive steps in recruiting women to cybersecurity teams, along with policies focused on diversity, equity, and inclusion, help make cybersecurity teams more effective. Addressing specific barriers that female candidates face will make those teams more inclusive and more representative.π Read
via "Dark Reading".
Dark Reading
Diversity in Cybersecurity: Fostering Gender-Inclusive Teams That Perform Better
Proactive steps in recruiting women to cybersecurity teams, along with policies focused on diversity, equity, and inclusion, help make cybersecurity teams more effective. Addressing specific barriers that female candidates face will make those teams moreβ¦
βΌ CVE-2022-1057 βΌ
π Read
via "National Vulnerability Database".
The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injectionπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1910 βΌ
π Read
via "National Vulnerability Database".
The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scriptingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-2091 βΌ
π Read
via "National Vulnerability Database".
The Cache Images WordPress plugin before 3.2.1 does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2093 βΌ
π Read
via "National Vulnerability Database".
The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1951 βΌ
π Read
via "National Vulnerability Database".
The core plugin for kitestudio WordPress plugin before 2.3.1 does not sanitise and escape some parameters before outputting them back in a response of an AJAX action, available to both unauthenticated and authenticated users when a premium theme from the vendor is active, leading to a Reflected Cross-Site Scripting.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2050 βΌ
π Read
via "National Vulnerability Database".
The WP-Paginate WordPress plugin before 2.1.9 does not escape one of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowedπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1599 βΌ
π Read
via "National Vulnerability Database".
The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them. This can lead to changes in post status (draft, published), slug, post date, comment status (enabled, disabled) and more.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1546 βΌ
π Read
via "National Vulnerability Database".
The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scriptingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1952 βΌ
π Read
via "National Vulnerability Database".
The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is not used during the validation steps.π Read
via "National Vulnerability Database".