‼ CVE-2022-4840 ‼
📖 Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4839 ‼
📖 Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4846 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4843 ‼
📖 Read
via "National Vulnerability Database".
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.8.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4848 ‼
📖 Read
via "National Vulnerability Database".
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4851 ‼
📖 Read
via "National Vulnerability Database".
Improper Handling of Values in GitHub repository usememos/memos prior to 0.9.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4850 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4847 ‼
📖 Read
via "National Vulnerability Database".
Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4845 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4844 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4841 ‼
📖 Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.1.📖 Read
via "National Vulnerability Database".
🔥2
♟️ Happy 12th Birthday, KrebsOnSecurity! ♟️
📖 Read
via "Krebs on Security".
KrebsOnSecurity turns 12 years old today. That's a crazy long time for an independent media outlet these days, but then again I'm liable to keep doing this as long as they keep letting me! Thanks to your readership and support, I was able to spend more time in 2022 on in-depth investigative stories -- the really satisfying kind with the potential to affect positive change. Some of that work is highlighted in the 2022 Year in Breaches review below.📖 Read
via "Krebs on Security".
Krebsonsecurity
Happy 13th Birthday, KrebsOnSecurity!
KrebsOnSecurity turns 12 years old today. That's a crazy long time for an independent media outlet these days, but then again I'm liable to keep doing this as long as they keep letting me! Thanks to your readership and support,…
‼ CVE-2022-30519 ‼
📖 Read
via "National Vulnerability Database".
XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary code via password field.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36437 ‼
📖 Read
via "National Vulnerability Database".
The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connection. The affected Hazelcast versions are through 4.0.6, 4.1.9, 4.2.5, 5.0.3, and 5.1.2. The affected Hazelcast Jet versions are through 4.5.3.📖 Read
via "National Vulnerability Database".
🕴 6 Ways to Protect Your Organization Against LAPSUS$ 🕴
📖 Read
via "Dark Reading".
Businesses need to educate employees the type of social engineering attacks used by hacking group DEV-0537 (LAPSUS$) and strengthen their security posture.📖 Read
via "Dark Reading".
Dark Reading
6 Ways to Protect Your Organization Against LAPSUS$
Businesses need to educate employees the type of social engineering attacks used by hacking group DEV-0537 (LAPSUS$) and strengthen their security posture.
‼ CVE-2022-44137 ‼
📖 Read
via "National Vulnerability Database".
SourceCodester Sanitization Management System 1.0 is vulnerable to SQL Injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4857 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Modbus Tools Modbus Poll up to 9.10.0 and classified as critical. Affected by this issue is some unknown functionality of the file mbpoll.exe of the component mbp File Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-217022 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-48194 ‼
📖 Read
via "National Vulnerability Database".
TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4856 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in Modbus Tools Modbus Slave up to 7.5.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file mbslave.exe of the component mbs File Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217021 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4855 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in SourceCodester Lead Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-217020.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48196 ‼
📖 Read
via "National Vulnerability Database".
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3.152, R7000P before 1.3.3.152, R7000 before 1.0.11.136, R7960P before 1.4.4.94, and R8000P before 1.4.4.94.📖 Read
via "National Vulnerability Database".