‼ CVE-2022-45285 ‼
📖 Read
via "National Vulnerability Database".
Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is vulnerable to Cross Site Scripting (XSS).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25717 ‼
📖 Read
via "National Vulnerability Database".
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25718 ‼
📖 Read
via "National Vulnerability Database".
The cryptographic code signing process and controls on ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect) are cryptographically flawed. An attacker can remotely generate or locally alter file contents and bypass code-signing controls. This can be used to execute code as a trusted application provider, escalate privileges, or execute arbitrary commands in the context of the user. The attacker tampers with a trusted, signed executable in transit.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24188 ‼
📖 Read
via "National Vulnerability Database".
ureport v2.2.9 was discovered to contain an arbitrary file deletion vulnerability.📖 Read
via "National Vulnerability Database".
🕴 Accenture Acquires Morphus, Brazil-Based Cybersecurity Company 🕴
📖 Read
via "Dark Reading".
Morphus's deep cybersecurity research expertise, cyber defense and threat intelligence services widen Accenture's cybersecurity footprint in Latin America.📖 Read
via "Dark Reading".
Dark Reading
Accenture Acquires Morphus, Brazil-Based Cybersecurity Company
Morphus's deep cybersecurity research expertise, cyber defense and threat intelligence services widen Accenture's cybersecurity footprint in Latin America.
🕴 9 Scammers Busted for 5M Euro Phishing Fraud Ring 🕴
📖 Read
via "Dark Reading".
The network is alleged to have operated 100 bank accounts and stolen millions from American people and companies.📖 Read
via "Dark Reading".
Dark Reading
9 Scammers Busted for 5M Euro Phishing Fraud Ring
The network is alleged to have operated 100 bank accounts and stolen millions from American people and companies.
🕴 Dark Web Revenue Down Dramatically After Hydra's Demise 🕴
📖 Read
via "Dark Reading".
Competitor markets working to replace Hydra's money-laundering services for cybercriminals.📖 Read
via "Dark Reading".
Dark Reading
Dark Web Revenue Down Dramatically After Hydra's Demise
Competitor markets working to replace Hydra's money-laundering services for cybercriminals.
‼ CVE-2023-25162 ‼
📖 Read
via "National Vulnerability Database".
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to 24.0.8 and 23.0.12 and Nextcloud Enterprise server prior to 24.0.8 and 23.0.12 are vulnerable to server-side request forgery (SSRF). Attackers can leverage enclosed alphanumeric payloads to bypass IP filters and gain SSRF, which would allow an attacker to read crucial metadata if the server is hosted on the AWS platform. Nextcloud Server 24.0.8 and 23.0.2 and Nextcloud Enterprise Server 24.0.8 and 23.0.12 contain a patch for this issue. No known workarounds are available.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0818 ‼
📖 Read
via "National Vulnerability Database".
Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24647 ‼
📖 Read
via "National Vulnerability Database".
Food Ordering System v2.0 was discovered to contain a SQL injection vulnerability via the email parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0817 ‼
📖 Read
via "National Vulnerability Database".
Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.📖 Read
via "National Vulnerability Database".
‼ CVE-2015-10079 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in juju2143 WalrusIRC 0.0.2. It has been rated as problematic. This issue affects the function parseLinks of the file public/parser.js. The manipulation of the argument text leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 0.0.3 is able to address this issue. The name of the patch is 45fd885895ae13e8d9b3a71e89d59768914f60af. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220751.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25160 ‼
📖 Read
via "National Vulnerability Database".
Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box by ID getting the subjects and the first characters of the emails. Users should upgrade to Mail 2.2.1 for Nextcloud 25, Mail 1.14.5 for Nextcloud 22-24, Mail 1.12.9 for Nextcloud 21, or Mail 1.11.8 for Nextcloud 20 to receive a patch. No known workarounds are available.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25572 ‼
📖 Read
via "National Vulnerability Database".
react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and using the `<RichTextField>` are affected. `<RichTextField>` outputs the field value using `dangerouslySetInnerHTML` without client-side sanitization. If the data isn't sanitized server-side, this opens a possible cross-site scripting (XSS) attack. Versions 3.19.12 and 4.7.6 now use `DOMPurify` to escape the HTML before outputting it with React and `dangerouslySetInnerHTML`. Users who already sanitize HTML data server-side do not need to upgrade. As a workaround, users may replace the `<RichTextField>` by a custom field doing sanitization by hand.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24646 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24648 ‼
📖 Read
via "National Vulnerability Database".
Zstore v6.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25241 ‼
📖 Read
via "National Vulnerability Database".
bgERP v22.31 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4905 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in UDX Stateless Media Plugin 3.1.1. It has been declared as problematic. This vulnerability affects the function setup_wizard_interface of the file lib/classes/class-settings.php. The manipulation of the argument settings leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.2.0 is able to address this issue. The name of the patch is 6aee7ae0b0beeb2232ce6e1c82aa7e2041ae151a. It is recommended to upgrade the affected component. VDB-220750 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25161 ‼
📖 Read
via "National Vulnerability Database".
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 25.0.1 24.0.8, and 23.0.12 missing rate limiting on password reset functionality. This could result in service slowdown, storage overflow, or cost impact when using external email services. Users should upgrade to Nextcloud Server 25.0.1, 24.0.8, or 23.0.12 or Nextcloud Enterprise Server 25.0.1, 24.0.8, or 23.0.12 to receive a patch. No known workarounds are available.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24086 ‼
📖 Read
via "National Vulnerability Database".
SLIMS v9.5.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /customs/loan_by_class.php?reportView.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25240 ‼
📖 Read
via "National Vulnerability Database".
An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code.📖 Read
via "National Vulnerability Database".