β Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto β
π Read
via "Naked Security".
Hear renowned cybersecurity author Andy Greenberg's thoughtful commentary about the "war on crypto" as we talk to him about his new book...π Read
via "Naked Security".
Naked Security
Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto
Hear renowned cybersecurity author Andy Greenbergβs thoughtful commentary about the βwar on cryptoβ as we talk to him about his new bookβ¦
βΌ CVE-2022-47071 βΌ
π Read
via "National Vulnerability Database".
In NVS365 V01, the background network test function can trigger command execution.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36660 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. Upgrading to version 0.12.12 is able to address this issue. The name of the patch is 9e03f68e46e85ca9c9694a6971859b3ee66f0240. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220211.π Read
via "National Vulnerability Database".
π΄ Patching & Passwords Lead the Problem Pack for Cyber-Teams π΄
π Read
via "Dark Reading".
Despite growing awareness, organizations remain plagued with unpatched vulnerabilities and weaknesses in credential policies.π Read
via "Dark Reading".
Dark Reading
Patching & Passwords Lead the Problem Pack for Cyber-Teams
Despite growing awareness, organizations remain plagued with unpatched vulnerabilities and weaknesses in credential policies.
π΄ Cybercrime Shows No Signs of Slowing Down π΄
π Read
via "Dark Reading".
Look for recent trends in attacks, strategies, and vulnerabilities to continue gaining steam throughout 2023.π Read
via "Dark Reading".
Dark Reading
Cybercrime Shows No Signs of Slowing Down
Look for recent trends in attacks, strategies, and vulnerabilities to continue gaining steam throughout 2023.
π₯3
βΌ CVE-2022-2933 βΌ
π Read
via "National Vulnerability Database".
The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromk_options_page function. This makes it possible for unauthenticated attackers to inject malicious web scripts via the 'zeromk_user' and 'zeromk_apikluc' parameters through a forged request granted they can trick a site administrator into performing an action such as clicking on a link.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0062 βΌ
π Read
via "National Vulnerability Database".
The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4657 βΌ
π Read
via "National Vulnerability Database".
The Restaurant Menu WordPress plugin before 2.3.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksπ Read
via "National Vulnerability Database".
βΌ CVE-2022-4670 βΌ
π Read
via "National Vulnerability Database".
The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4664 βΌ
π Read
via "National Vulnerability Database".
The Logo Slider WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksπ Read
via "National Vulnerability Database".
βΌ CVE-2022-4826 βΌ
π Read
via "National Vulnerability Database".
The Simple Tooltips WordPress plugin before 2.1.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksπ Read
via "National Vulnerability Database".
βΌ CVE-2022-32643 βΌ
π Read
via "National Vulnerability Database".
In ccd, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07341261.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4762 βΌ
π Read
via "National Vulnerability Database".
The Materialis Companion WordPress plugin before 1.3.40 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0072 βΌ
π Read
via "National Vulnerability Database".
The WC Vendors Marketplace WordPress plugin before 2.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4825 βΌ
π Read
via "National Vulnerability Database".
The WP-ShowHide WordPress plugin before 1.05 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32642 βΌ
π Read
via "National Vulnerability Database".
In ccd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326547; Issue ID: ALPS07326547.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4756 βΌ
π Read
via "National Vulnerability Database".
The My YouTube Channel WordPress plugin before 3.23.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4384 βΌ
π Read
via "National Vulnerability Database".
The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site (like subscribers) from using its alert creation functionality, which may enable them to leak sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4459 βΌ
π Read
via "National Vulnerability Database".
The WP Show Posts WordPress plugin before 1.1.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20618 βΌ
π Read
via "National Vulnerability Database".
In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519184; Issue ID: ALPS07519184.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4674 βΌ
π Read
via "National Vulnerability Database".
The Ibtana WordPress plugin before 1.1.8.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attackπ Read
via "National Vulnerability Database".