βΌ CVE-2022-3236 βΌ
π Read
via "National Vulnerability Database".
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40716 βΌ
π Read
via "National Vulnerability Database".
HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2."π Read
via "National Vulnerability Database".
π1
ποΈ CI/CD servers readily breached by abusing SCM webhooks, researchers find ποΈ
π Read
via "The Daily Swig".
Webhook, line, and sinkerπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
CI/CD servers readily breached by abusing SCM webhooks, researchers find
Webhook, line, and sinker
β Morgan Stanley fined millions for selling off devices full of customer PII β
π Read
via "Naked Security".
Critical data on old disks always seems inaccessible if you really need it. But when you DON''T want it back, guess what happens...π Read
via "Naked Security".
Naked Security
Morgan Stanley fined millions for selling off devices full of customer PII
Critical data on old disks always seems inaccessible if you really need it. But when you DONβT want it back, guess what happensβ¦
π1
βΌ CVE-2022-40854 βΌ
π Read
via "National Vulnerability Database".
Tenda AC18 router contained a stack overflow vulnerability in /goform/fast_setting_wifi_setπ Read
via "National Vulnerability Database".
βΌ CVE-2022-40861 βΌ
π Read
via "National Vulnerability Database".
Tenda AC18 router V15.03.05.19 contains a stack overflow vulnerability in the formSetQosBand->FUN_0007db78 function with the request /goform/SetNetControlList/π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-38095 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27492 βΌ
π Read
via "National Vulnerability Database".
An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40853 βΌ
π Read
via "National Vulnerability Database".
Tenda AC15 router V15.03.05.19 contains a stack overflow via the list parameter at /goform/fast_setting_wifi_setπ Read
via "National Vulnerability Database".
βΌ CVE-2022-38703 βΌ
π Read
via "National Vulnerability Database".
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Foundry Button Plugin MaxButtons plugin <= 9.2 at WordPressπ Read
via "National Vulnerability Database".
βΌ CVE-2022-36791 βΌ
π Read
via "National Vulnerability Database".
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Awesome UG Torro Forms plugin <= 1.0.16 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40860 βΌ
π Read
via "National Vulnerability Database".
Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability in the function formSetQosBand->FUN_0007dd20 with request /goform/SetNetControlListπ Read
via "National Vulnerability Database".
βΌ CVE-2022-3144 βΌ
π Read
via "National Vulnerability Database".
The Wordfence Security Γ’β¬β Firewall & Malware Scan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 7.6.0 via a setting on the options page due to insufficient escaping on the stored value. This makes it possible for authenticated users, with administrative privileges, to inject malicious web scripts into the setting that executes whenever a user accesses a page displaying the affected setting on sites running a vulnerable version.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40193 βΌ
π Read
via "National Vulnerability Database".
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40865 βΌ
π Read
via "National Vulnerability Database".
Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSchedWifi with the request /goform/openSchedWifi/π Read
via "National Vulnerability Database".
βΌ CVE-2022-38085 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin <= 1.1.8 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40869 βΌ
π Read
via "National Vulnerability Database".
Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined parameter "list*" ("%s%d","list").π Read
via "National Vulnerability Database".
βΌ CVE-2022-40867 βΌ
π Read
via "National Vulnerability Database".
Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/π Read
via "National Vulnerability Database".
βΌ CVE-2022-37328 βΌ
π Read
via "National Vulnerability Database".
Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in Themes Awesome History Timeline plugin <= 1.0.5 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37338 βΌ
π Read
via "National Vulnerability Database".
Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Blossom Recipe Maker plugin <= 1.0.7 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40866 βΌ
π Read
via "National Vulnerability Database".
Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/π Read
via "National Vulnerability Database".