🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-35910 ‼

In Jellyfin before 10.8, stored XSS allows theft of an admin access token.

📖 Read

via "National Vulnerability Database".

261 views14:17

‼ CVE-2022-35909 ‼

In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality.

📖 Read

via "National Vulnerability Database".

255 views14:17

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-2889 ‼

Use After Free in GitHub repository vim/vim prior to 9.0.0224.

📖 Read

via "National Vulnerability Database".

248 views14:17

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-36220 ‼

Kiosk breakout (without quit password) in Safe Exam Browser (Windows) <3.4.0, which allows an attacker to achieve code execution via the browsers' print dialog.

📖 Read

via "National Vulnerability Database".

251 views14:17

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-1021 ‼

Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0.

📖 Read

via "National Vulnerability Database".

263 views14:17

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-29805 ‼

A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 allows remote attackers to execute arbitrary code via a crafted XML payload.

📖 Read

via "National Vulnerability Database".

277 views14:17

🛡 Cybersecurity & Privacy 🛡 - News

🕴 Cyber Resiliency Isn't Just About Technology, It's About People 🕴

To lessen burnout and prioritize staff resiliency, put people in a position to succeed with staffwide cybersecurity training to help ease the burden on IT and security personnel.

📖 Read

via "Dark Reading".

Dark Reading

Cyber Resiliency Isn't Just About Technology, It's About People

To lessen burnout and prioritize staff resiliency, put people in a position to succeed with staffwide cybersecurity training to help ease the burden on IT and security personnel.

289 views14:30

🛡 Cybersecurity & Privacy 🛡 - News

❌ iPhone Users Urged to Update to Patch 2 Zero-Days ❌

Apple is urging macOS, iPhone and iPad users immediately to install respective updates this week that includes fixes for two zero-days under active attack. The patches are for vulnerabilities that allow attackers to execute arbitrary code and ultimately take over devices. iOS 15.6.1 and macOS Monterey 12.5.1 both patch the two flaws, which basically impact […]

📖 Read

via "Threat Post".

Threat Post

iPhone Users Urged to Update to Patch 2 Zero-Days

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.

296 views15:32

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-34624 ‼

Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request.

📖 Read

via "National Vulnerability Database".

252 views16:17

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-34621 ‼

Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the user_id parameter.

📖 Read

via "National Vulnerability Database".

242 views16:17

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-36605 ‼

Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderbyGET parameter.

📖 Read

via "National Vulnerability Database".

👍1

237 views16:17

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-35201 ‼

Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability.

📖 Read

via "National Vulnerability Database".

229 views16:17

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-36263 ‼

StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file.

📖 Read

via "National Vulnerability Database".

232 views16:17

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-34615 ‼

Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks.

📖 Read

via "National Vulnerability Database".

258 views16:17

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-34623 ‼

Mealie1.0.0beta3 is vulnerable to user enumeration via timing response discrepancy between users and non-users when an invalid password message is displayed during an authentication attempt.

📖 Read

via "National Vulnerability Database".

271 views16:17

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-36606 ‼

Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database.

📖 Read

via "National Vulnerability Database".

289 views16:17

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-36577 ‼

An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add a admin.

📖 Read

via "National Vulnerability Database".

261 views18:17

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-36225 ‼

EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add.

📖 Read

via "National Vulnerability Database".

👍1

266 views18:17

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-36578 ‼

jizhicms v2.3.1 has SQL injection in the background.

📖 Read

via "National Vulnerability Database".

273 views18:17

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-37254 ‼

DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Background - > System - > system function - > configuration management.

📖 Read

via "National Vulnerability Database".

269 views18:17

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-36579 ‼

Wellcms 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF).

📖 Read

via "National Vulnerability Database".

276 views18:17

About

Blog

Apps

Platform