βΌ CVE-2023-24202 βΌ
π Read
via "National Vulnerability Database".
Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page parameter in index.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24194 βΌ
π Read
via "National Vulnerability Database".
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in navbar.php.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-24195 βΌ
π Read
via "National Vulnerability Database".
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in index.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24191 βΌ
π Read
via "National Vulnerability Database".
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in signup.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24276 βΌ
π Read
via "National Vulnerability Database".
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24201 βΌ
π Read
via "National Vulnerability Database".
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at get_ticket.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24199 βΌ
π Read
via "National Vulnerability Database".
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at delete_ticket.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48019 βΌ
π Read
via "National Vulnerability Database".
The components wfshbr64.sys and wfshbr32.sys in Another Eden before v3.0.20 and before v2.14.200 allows attackers to perform privilege escalation via a crafted payload.π Read
via "National Vulnerability Database".
β Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto β
π Read
via "Naked Security".
Hear renowned cybersecurity author Andy Greenberg's thoughtful commentary about the "war on crypto" as we talk to him about his new book...π Read
via "Naked Security".
Naked Security
Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto
Hear renowned cybersecurity author Andy Greenbergβs thoughtful commentary about the βwar on cryptoβ as we talk to him about his new bookβ¦
βΌ CVE-2022-47071 βΌ
π Read
via "National Vulnerability Database".
In NVS365 V01, the background network test function can trigger command execution.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36660 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. Upgrading to version 0.12.12 is able to address this issue. The name of the patch is 9e03f68e46e85ca9c9694a6971859b3ee66f0240. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220211.π Read
via "National Vulnerability Database".
π΄ Patching & Passwords Lead the Problem Pack for Cyber-Teams π΄
π Read
via "Dark Reading".
Despite growing awareness, organizations remain plagued with unpatched vulnerabilities and weaknesses in credential policies.π Read
via "Dark Reading".
Dark Reading
Patching & Passwords Lead the Problem Pack for Cyber-Teams
Despite growing awareness, organizations remain plagued with unpatched vulnerabilities and weaknesses in credential policies.
π΄ Cybercrime Shows No Signs of Slowing Down π΄
π Read
via "Dark Reading".
Look for recent trends in attacks, strategies, and vulnerabilities to continue gaining steam throughout 2023.π Read
via "Dark Reading".
Dark Reading
Cybercrime Shows No Signs of Slowing Down
Look for recent trends in attacks, strategies, and vulnerabilities to continue gaining steam throughout 2023.
π₯3
βΌ CVE-2022-2933 βΌ
π Read
via "National Vulnerability Database".
The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromk_options_page function. This makes it possible for unauthenticated attackers to inject malicious web scripts via the 'zeromk_user' and 'zeromk_apikluc' parameters through a forged request granted they can trick a site administrator into performing an action such as clicking on a link.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0062 βΌ
π Read
via "National Vulnerability Database".
The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4657 βΌ
π Read
via "National Vulnerability Database".
The Restaurant Menu WordPress plugin before 2.3.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksπ Read
via "National Vulnerability Database".
βΌ CVE-2022-4670 βΌ
π Read
via "National Vulnerability Database".
The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4664 βΌ
π Read
via "National Vulnerability Database".
The Logo Slider WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksπ Read
via "National Vulnerability Database".
βΌ CVE-2022-4826 βΌ
π Read
via "National Vulnerability Database".
The Simple Tooltips WordPress plugin before 2.1.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksπ Read
via "National Vulnerability Database".
βΌ CVE-2022-32643 βΌ
π Read
via "National Vulnerability Database".
In ccd, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07341261.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4762 βΌ
π Read
via "National Vulnerability Database".
The Materialis Companion WordPress plugin before 1.3.40 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.π Read
via "National Vulnerability Database".