πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-38059 β€Ό

Cross-Site Request Forgery (CSRF) vulnerability in Alexey Trofimov's Access Code Feeder plugin <= 1.0.3 at WordPress.

πŸ“– Read

via "National Vulnerability Database".
129 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-37404 β€Ό

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christian Salazar's add2fav plugin <= 1.0 at WordPress.

πŸ“– Read

via "National Vulnerability Database".
134 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-38285 β€Ό

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list.

πŸ“– Read

via "National Vulnerability Database".
134 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36422 β€Ό

Rating increase/decrease via race condition in Lester 'GaMerZ' Chan WP-PostRatings plugin <= 1.89 at WordPress.

πŸ“– Read

via "National Vulnerability Database".
143 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-38096 β€Ό

A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).

πŸ“– Read

via "National Vulnerability Database".
153 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-38279 β€Ό

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/list.

πŸ“– Read

via "National Vulnerability Database".
164 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36873 β€Ό

Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLinker of?Waterplugin prior to version 2.2.11.22081151 leaks MAC address of the connected Bluetooth device.

πŸ“– Read

via "National Vulnerability Database".
181 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-3147 β€Ό

Mattermost version 7.0.x and earlier fails to sufficiently limit the in-memory sizes of concurrently uploaded JPEG images, which allows authenticated users to cause resource exhaustion on specific system configurations, resulting in server-side Denial of Service.

πŸ“– Read

via "National Vulnerability Database".
196 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-35725 β€Ό

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hans Matzen's wp-forecast plugin <= 7.5 at WordPress.

πŸ“– Read

via "National Vulnerability Database".
❀1
225 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ S3 Ep99: TikTok β€œattack” – was there a data breach, or not? [Audio + Text] ⚠

Latest episode - listen now! (Or read if you prefer - full transcript inside.)

πŸ“– Read

via "Naked Security".
Naked Security
S3 Ep99: TikTok β€œattack” – was there a data breach, or not? [Audio + Text]
Latest episode – listen now! (Or read if you prefer – full transcript inside.)
262 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
⚠ How to deal with dates and times without any timezone tantrums… ⚠

Heartfelt encouragement to embrace RFC 3339 - find out why!

πŸ“– Read

via "Naked Security".
Naked Security
How to deal with dates and times without any timezone tantrums…
Heartfelt encouragement to embrace RFC 3339 – find out why!
267 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ UK, US condemn Iran for β€˜unprecedented’ cyber attack against Albania πŸ“’

The Balkan nation has cut ties with Iran following the hack, which took down national infrastructure and exposed government information

πŸ“– Read

via "ITPro".
IT PRO
UK, US condemn Iran for β€˜unprecedented’ cyber attack against Albania | IT PRO
The Balkan nation has cut ties with Iran following the hack, which took down national infrastructure and exposed government information
885 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ DrayTek Vigor 2866ax review: Faster than you might expect πŸ“’

A versatile and very affordable SMB security router with Wi-Fi 6 and top-notch WAN redundancy

πŸ“– Read

via "ITPro".
IT PRO
DrayTek Vigor 2866ax review: Faster than you might expect | IT PRO
A versatile and very affordable SMB security router with Wi-Fi 6 and top-notch WAN redundancy
214 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Thoma Bravo pulls plug on Darktrace takeover πŸ“’

Shares in the UK cyber firm slumped 30%, as investors had pinned hopes on takeover deal

πŸ“– Read

via "ITPro".
IT PRO
Thoma Bravo pulls plug on Darktrace takeover | IT PRO
Shares in the UK cyber firm slumped 30%, as investors had pinned hopes on takeover deal
204 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ HP patches high-severity security flaw in its own support tool πŸ“’

The application that's installed in every HP desktop and notebook was allowing hackers to elevate privileges through a DLL hijacking vulnerability

πŸ“– Read

via "ITPro".
IT PRO
HP patches high-severity security flaw in its own support tool | IT PRO
The application that's installed in every HP desktop and notebook was allowing hackers to elevate privileges through a DLL hijacking vulnerability
204 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-28742 β€Ό

aEnrich eHRD Learning Management Key Performance Indicator System 5+ has Improper Access Control. The web application does not validate user session when accessing many application pages. This can allow an attacker to gain unauthenticated access to sensitive functionalities in the application

πŸ“– Read

via "National Vulnerability Database".
178 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-28741 β€Ό

aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x

πŸ“– Read

via "National Vulnerability Database".
175 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-36617 β€Ό

Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This issue allows attackers with administrative privileges to recover cleartext passwords.

πŸ“– Read

via "National Vulnerability Database".
177 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-38614 β€Ό

An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter.

πŸ“– Read

via "National Vulnerability Database".
167 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-38613 β€Ό

A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system.

πŸ“– Read

via "National Vulnerability Database".
169 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-40317 β€Ό

OpenKM 6.3.11 allows stored XSS related to the javascript&colon; substring in an A element.

πŸ“– Read

via "National Vulnerability Database".
163 views