‼ CVE-2023-0447 ‼
📖 Read
via "National Vulnerability Database".
The My YouTube Channel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clear_all_cache function in versions up to, and including, 3.0.12.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to clear the plugin's cache.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37719 ‼
📖 Read
via "National Vulnerability Database".
A Cross-Site Request Forgery (CSRF) in the management portal of JetNexus/EdgeNexus ADC 4.2.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2023-22721 ‼
📖 Read
via "National Vulnerability Database".
Auth. Stored Cross-Site Scripting (XSS) in Oi Yandex.Maps for WordPress <= 3.2.7 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0446 ‼
📖 Read
via "National Vulnerability Database".
The My YouTube Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 3.0.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23824 ‼
📖 Read
via "National Vulnerability Database".
Auth. SQL Injection (SQLi) vulnerability in WP-TopBar <= 5.36 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40034 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23005 ‼
📖 Read
via "National Vulnerability Database".
Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability. This vulnerability may exist in some systems where the Host boot ROM code implements the UFS Boot feature to boot from UFS compliant storage devices. The UFS Boot feature, as specified in the UFS standard, is provided by UFS devices to support platforms that need to download the system boot loader from external non-volatile storage locations. Several scenarios have been identified in which adversaries may disable the boot capability, or revert to an old boot loader code, if the host boot ROM code is improperly implemented. UFS Host Boot ROM implementers may be impacted by this vulnerability. UFS devices are only impacted when connected to a vulnerable UFS Host and are not independently impacted by this vulnerability. When present, the vulnerability is in the UFS Host implementation and is not a vulnerability in Western Digital UFS Devices. Western Digital has provided details of the vulnerability to the JEDEC standards body, multiple vendors of host processors, and software solutions providers.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23560 ‼
📖 Read
via "National Vulnerability Database".
In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46639 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the descarga_etiqueta.php component of Correos Prestashop 1.7.x allows attackers to execute a directory traversal.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22630 ‼
📖 Read
via "National Vulnerability Database".
IzyBat Orange casiers before 20221102_1 allows SQL Injection via a getCasier.php?taille= URI.📖 Read
via "National Vulnerability Database".
‼ CVE-2018-20104 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22960 ‼
📖 Read
via "National Vulnerability Database".
Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21795 ‼
📖 Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21796.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21796 ‼
📖 Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21795.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21775 ‼
📖 Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22484 ‼
📖 Read
via "National Vulnerability Database".
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a polynomial time complexity issue in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21719 ‼
📖 Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22483 ‼
📖 Read
via "National Vulnerability Database".
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to several polynomial time complexity issues in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. Various commands, when piped to cmark-gfm with large values, cause the running time to increase quadratically. These vulnerabilities have been patched in version 0.29.0.gfm.7.📖 Read
via "National Vulnerability Database".
⚠ Apple patches are out – old iPhones get an old zero-day fix at last! ⚠
📖 Read
via "Naked Security".
Don't delay, especially if you're still running an iOS 12 device... please do it today!📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
👍2
‼ CVE-2023-22485 ‼
📖 Read
via "National Vulnerability Database".
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice, because the out-of-bounds read accesses `malloc` metadata without causing any visible damage.This vulnerability has been patched in 0.29.0.gfm.7.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23331 ‼
📖 Read
via "National Vulnerability Database".
Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injection.📖 Read
via "National Vulnerability Database".