🛑 Cybersecurity & Privacy 🛑 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-27235 ‼

Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress.

via "National Vulnerability Database".

‼ CVE-2022-30998 ‼

Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co's Homepage Product Organizer for WooCommerce plugin <= 1.1 at WordPress.

via "National Vulnerability Database".

‼ CVE-2022-33960 ‼

Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress.

via "National Vulnerability Database".

‼ CVE-2022-0979 ‼

Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

via "National Vulnerability Database".

‼ CVE-2017-20141 ‼

A vulnerability classified as critical has been found in Itech Movie Portal Script 7.36. This affects an unknown part of the file /movie.php. The manipulation of the argument f leads to SQL injection (Union). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

via "National Vulnerability Database".

‼ CVE-2022-28879 ‼

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby scanning the aepack.dll component can crash the scanning engine.

via "National Vulnerability Database".

‼ CVE-2022-2511 ‼

Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" component of BlueSpice allows an attacker to inject arbitrary HTML into a page using the title parameter of the call URL.

via "National Vulnerability Database".

‼ CVE-2022-2510 ‼

Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSearch" of Hallo Welt! GmbH BlueSpice allows an attacker to inject arbitrary HTML (XSS) on page "Special:SearchCenter", using the search term in the URL.

via "National Vulnerability Database".

‼ CVE-2022-0980 ‼

Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interactions.

via "National Vulnerability Database".

‼ CVE-2022-34839 ‼

Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server plugin <= 1.0.1 at WordPress.

via "National Vulnerability Database".

‼ CVE-2022-34650 ‼

Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress.

via "National Vulnerability Database".

‼ CVE-2022-33191 ‼

Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Chinmoy Paul's Testimonials plugin <= 3.0.1 at WordPress.

via "National Vulnerability Database".

‼ CVE-2022-34853 ‼

Multiple Authenticated (contributor or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress.

via "National Vulnerability Database".

‼ CVE-2022-25759 ‼

The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload.

via "National Vulnerability Database".

🕴 Understanding Proposed SEC Rules Through an ESG Lens 🕴

Cyber threats are putting environmental, social, and governance discussions at the forefront of board meetings and C-suite discussions around the globe.

via "Dark Reading".

‼ CVE-2022-34113 ‼

An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin.

via "National Vulnerability Database".

‼ CVE-2022-34112 ‼

An access control issue in the component /api/plugin/uninstall of Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator.

via "National Vulnerability Database".

‼ CVE-2022-34114 ‼

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.

via "National Vulnerability Database".

‼ CVE-2022-36408 ‼

PrestaShop 1.6.0.10 through 1.7.x before 1.7.8.2 allows remote attackers to execute arbitrary code, aka a "previously unknown vulnerability chain" related to SQL injection, as exploited in the wild in July 2022.

via "National Vulnerability Database".

‼ CVE-2022-34115 ‼

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.

via "National Vulnerability Database".

⚠ Office macro security: on-again-off-again feature now BACK ON AGAIN! ⚠

20 years to turn it on, then 20 weeks to turn it off, then just 2 weeks to turn it back on again. That's progress!

via "Naked Security".