‼ CVE-2022-33960 ‼
Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress.
via "National Vulnerability Database".
‼ CVE-2022-0979 ‼
Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
via "National Vulnerability Database".
‼ CVE-2017-20141 ‼
A vulnerability classified as critical has been found in Itech Movie Portal Script 7.36. This affects an unknown part of the file /movie.php. The manipulation of the argument f leads to sql injection (Union). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
via "National Vulnerability Database".
‼ CVE-2022-28879 ‼
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby scanning the aepack.dll component can crash the scanning engine.
via "National Vulnerability Database".
‼ CVE-2022-2511 ‼
Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" component of BlueSpice allows an attacker to inject arbitrary HTML into a page using the title parameter of the call URL.
via "National Vulnerability Database".
‼ CVE-2022-2510 ‼
Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSearch" of Hallo Welt! GmbH BlueSpice allows an attacker to inject arbitrary HTML (XSS) on page "Special:SearchCenter", using the search term in the URL.
via "National Vulnerability Database".
‼ CVE-2022-0980 ‼
Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interactions.
via "National Vulnerability Database".
‼ CVE-2022-34839 ‼
Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server plugin <= 1.0.1 at WordPress.
via "National Vulnerability Database".
‼ CVE-2022-34650 ‼
Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress.
via "National Vulnerability Database".
‼ CVE-2022-33191 ‼
Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Chinmoy Paul's Testimonials plugin <= 3.0.1 at WordPress.
via "National Vulnerability Database".
‼ CVE-2022-34853 ‼
Multiple Authenticated (contributor or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in wpWax Team plugin <= 1.2.6 at WordPress.
via "National Vulnerability Database".
‼ CVE-2022-25759 ‼
The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload.
via "National Vulnerability Database".
🕴 Understanding Proposed SEC Rules Through an ESG Lens 🕴
Cyber threats are putting environmental, social, and governance discussions at the forefront of board meetings and C-suite discussions around the globe.
via "Dark Reading".
‼ CVE-2022-34113 ‼
An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin.
via "National Vulnerability Database".
‼ CVE-2022-34112 ‼
An access control issue in the component /api/plugin/uninstall of Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator.
via "National Vulnerability Database".
‼ CVE-2022-34114 ‼
Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.
via "National Vulnerability Database".
‼ CVE-2022-36408 ‼
PrestaShop 1.6.0.10 through 1.7.x before 1.7.8.2 allows remote attackers to execute arbitrary code, aka a "previously unknown vulnerability chain" related to SQL injection, as exploited in the wild in July 2022.
via "National Vulnerability Database".
‼ CVE-2022-34115 ‼
Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.
via "National Vulnerability Database".
⚠ Office macro security: on-again-off-again feature now BACK ON AGAIN! ⚠
20 years to turn it on, then 20 weeks to turn it off, then just 2 weeks to turn it back on again. That's progress!
via "Naked Security".
‼ CVE-2022-1141 ‼
Use after free in File Manager in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user gesture.
via "National Vulnerability Database".
‼ CVE-2022-1143 ‼
Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific input into DevTools.
via "National Vulnerability Database".