βΌ CVE-2022-38085 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin <= 1.1.8 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40869 βΌ
π Read
via "National Vulnerability Database".
Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined parameter "list*" ("%s%d","list").π Read
via "National Vulnerability Database".
βΌ CVE-2022-40867 βΌ
π Read
via "National Vulnerability Database".
Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/π Read
via "National Vulnerability Database".
βΌ CVE-2022-37328 βΌ
π Read
via "National Vulnerability Database".
Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in Themes Awesome History Timeline plugin <= 1.0.5 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37338 βΌ
π Read
via "National Vulnerability Database".
Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Blossom Recipe Maker plugin <= 1.0.7 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40866 βΌ
π Read
via "National Vulnerability Database".
Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/π Read
via "National Vulnerability Database".
βΌ CVE-2022-40868 βΌ
π Read
via "National Vulnerability Database".
Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/π Read
via "National Vulnerability Database".
βΌ CVE-2022-40851 βΌ
π Read
via "National Vulnerability Database".
Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40864 βΌ
π Read
via "National Vulnerability Database".
Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setSmartPowerManagement with the request /goform/PowerSaveSetπ Read
via "National Vulnerability Database".
βΌ CVE-2022-23144 βΌ
π Read
via "National Vulnerability Database".
There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35252 βΌ
π Read
via "National Vulnerability Database".
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36798 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Topdigitaltrends Mega Addons For WPBakery Page Builder plugin <= 4.2.7 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38061 βΌ
π Read
via "National Vulnerability Database".
Authenticated (author+) CSV Injection vulnerability in Export Post Info plugin <= 1.2.0 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35257 βΌ
π Read
via "National Vulnerability Database".
A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35253 βΌ
π Read
via "National Vulnerability Database".
A vulnerability exists in Hyperledger Fabric <2.4 could allow an attacker to construct a non-validated request that could cause a denial of service attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35238 βΌ
π Read
via "National Vulnerability Database".
Unauthenticated Plugin Settings Change vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2937 βΌ
π Read
via "National Vulnerability Database".
The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3257 βΌ
π Read
via "National Vulnerability Database".
Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30121 βΌ
π Read
via "National Vulnerability Database".
The Γ’β¬ΕLANDesk(R) Management AgentΓ’β¬οΏ½ service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows a limited user to get escalated admin privileges on their system.π Read
via "National Vulnerability Database".
ποΈ Netlify vulnerable to XSS, SSRF attacks via cache poisoning ποΈ
π Read
via "The Daily Swig".
Issue has since been fixedπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Netlify vulnerable to XSS, SSRF attacks via cache poisoning
Issue has since been fixed
π Friday Five 9/23 π
π Read
via "".
Experts are growing worried that the next cyber attack could come from an unlikely source, like an open source component or even your web browserβs spell checker. Read about this news and more in this weekβs Friday Five!
π Read
via "".