CVE-2022-4297
via "National Vulnerability Database".
The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection.
CVE-2022-4356
via "National Vulnerability Database".
The LetsRecover WordPress plugin through 1.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
CVE-2022-4329
via "National Vulnerability Database".
The Product list Widget for Woocommerce WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users (such as high-privilege ones like admin).
CVE-2022-4362
via "National Vulnerability Database".
The Popup Maker WordPress plugin before 1.16.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
CVE-2021-30558
via "National Vulnerability Database".
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chrome security severity: Medium)
CVE-2021-21200
via "National Vulnerability Database".
Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chrome security severity: Low)
CVE-2022-0337
via "National Vulnerability Database".
Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. (Chrome security severity: High)
CVE-2022-4025
via "National Vulnerability Database".
Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity: Low)
CVE-2022-3842
via "National Vulnerability Database".
Use after free in Passwords in Google Chrome prior to 105.0.5195.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2022-0801
via "National Vulnerability Database".
Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium)
CVE-2022-3863
via "National Vulnerability Database".
Use after free in Browser History in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)
CVE-2019-13768
via "National Vulnerability Database".
Use after free in FileAPI in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chrome security severity: High)
CVE-2022-3460
via "National Vulnerability Database".
In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview.
CVE-2022-2742
via "National Vulnerability Database".
Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chrome security severity: High)
CVE-2022-2743
via "National Vulnerability Database".
Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. (Chrome security severity: High)
CVE-2015-10012
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information exposure through an error message. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is abe4993390ba9bd7821ab12678270556645f94c8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217268. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2012-10002
via "National Vulnerability Database".
A vulnerability was found in ahmyi RivetTracker. It has been declared as problematic. Affected by this vulnerability is the function changeColor of the file css.php. The manipulation of the argument set_css leads to cross site scripting. The attack can be launched remotely. The name of the patch is 45a0f33876d58cb7e4a0f17da149e58fc893b858. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217267.
Black Hat Flashback: The Day That Dan Kaminsky Saved the Internet
via "Dark Reading".
Dark Reading's Kelly Jackson Higgins explains the enormous legacy left behind by Dan Kaminsky and his seminal "Great DNS Vulnerability" talk at Black Hat 2008.
CVE-2023-0038
via "National Vulnerability Database".
The "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via survey answers in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts when submitting quizzes that will execute whenever a user accesses the submissions page.
CVE-2022-4663
via "National Vulnerability Database".
The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the user_login parameter in an imported CSV file in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a site's administrator into uploading a CSV file with the malicious payload.
Are Meta and Twitter Ushering in a New Age of Insider Threats?
via "Dark Reading".
The era of digital trust is broken, and constant vigilance is needed to get things back on track.