‼ CVE-2022-2754 ‼
The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacks.
via "National Vulnerability Database".
‼ CVE-2022-1591 ‼
The WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
via "National Vulnerability Database".
‼ CVE-2022-2710 ‼
The Scroll To Top WordPress plugin before 1.4.1 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
via "National Vulnerability Database".
‼ CVE-2022-3021 ‼
The Slickr Flickr WordPress plugin through 2.8.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
via "National Vulnerability Database".
‼ CVE-2022-40073 ‼
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, saveParentControlInfo.
via "National Vulnerability Database".
‼ CVE-2022-3141 ‼
The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected.
via "National Vulnerability Database".
‼ CVE-2022-40069 ‼
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: fromSetSysTime.
via "National Vulnerability Database".
‼ CVE-2022-40075 ‼
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, form_fast_setting_wifi_set.
via "National Vulnerability Database".
‼ CVE-2022-3142 ‼
The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured otherwise via the plugin settings.
via "National Vulnerability Database".
‼ CVE-2022-40071 ‼
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, formSetDeviceName.
via "National Vulnerability Database".
‼ CVE-2022-40808 ‼
The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.
via "National Vulnerability Database".
‼ CVE-2022-40072 ‼
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: setSmartPowerManagement.
via "National Vulnerability Database".
‼ CVE-2022-40807 ‼
The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.
via "National Vulnerability Database".
‼ CVE-2022-40806 ‼
The d8s-uuids for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.
via "National Vulnerability Database".
‼ CVE-2022-40427 ‼
The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.
via "National Vulnerability Database".
‼ CVE-2022-38880 ‼
The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The affected version is 0.1.0.
via "National Vulnerability Database".
‼ CVE-2022-1580 ‼
The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL’s query string would bypass the plugin's main feature.
via "National Vulnerability Database".
‼ CVE-2022-40067 ‼
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetVirtualSer.
via "National Vulnerability Database".
⚠ LastPass source code breach – incident response report released ⚠
Wondering how you’d handle a data breach report if the worst happened to you? Here’s a useful example.
via "Naked Security".
‼ CVE-2022-38886 ‼
The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.
via "National Vulnerability Database".
‼ CVE-2022-40426 ‼
The d8s-asns for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.
via "National Vulnerability Database".