‼ CVE-2023-24499 ‼
📖 Read
via "National Vulnerability Database".
Butterfly Button plugin may leave traces of its use on user's device. Since it is used for reporting domestic problems, this may lead to spouse knowing about its use.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38111 ‼
📖 Read
via "National Vulnerability Database".
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-47506 ‼
📖 Read
via "National Vulnerability Database".
SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23848 ‼
📖 Read
via "National Vulnerability Database".
Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.📖 Read
via "National Vulnerability Database".
🕴 ChatGPT Subs In as Security Analyst, Hallucinates Only Occasionally 🕴
📖 Read
via "Dark Reading".
Incident response triage and software vulnerability discovery are two areas where the large language model has demonstrated success, although false positives are common.📖 Read
via "Dark Reading".
Dark Reading
ChatGPT Subs In as Security Analyst, Hallucinates Only Occasionally
Incident response triage and software vulnerability discovery are two areas where the large language model has demonstrated success, although false positives are common.
‼ CVE-2023-22855 ‼
📖 Read
via "National Vulnerability Database".
Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method (Path.Combine from .NET) without proper sanitisation. This yields the possibility of including local files, as well as remote files on SMB shares. If one provides a file with the extension .t4, it is rendered with the .NET templating engine mono/t4, which can execute code.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33396 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, allows attackers to change the password or other information of an arbitrary account via index.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45543 ‼
📖 Read
via "National Vulnerability Database".
Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38868 ‼
📖 Read
via "National Vulnerability Database".
SQL Injection vulnerability in Ehoney version 2.0.0 in models/protocol.go and models/images.go, allows attackers to execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21119 ‼
📖 Read
via "National Vulnerability Database".
SQL Injection vulnerability in Kliqqi-CMS 2.0.2 in admin/admin_update_module_widgets.php in recordIDValue parameter, allows attackers to gain escalated privileges and execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0848 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. It has been rated as problematic. This issue affects some unknown processing of the component Web Management Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221147.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40016 ‼
📖 Read
via "National Vulnerability Database".
Use After Free (UAF) vulnerability in ireader media-server before commit 3e0f63f1d3553f75c7d4eb32fa7c7a1976a9ff84 in librtmp, allows attackers to cause a denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42455 ‼
📖 Read
via "National Vulnerability Database".
ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0850 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Netgear WNDR3700v2 1.0.1.14 and classified as problematic. This issue affects some unknown processing of the component Web Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221153 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45546 ‼
📖 Read
via "National Vulnerability Database".
Information Disclosure in Authentication Component of ScreenCheck BadgeMaker 2.6.2.0 application allows internal attacker to obtain credentials for authentication via network sniffing.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38867 ‼
📖 Read
via "National Vulnerability Database".
SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, and 4.0.2 in api.go, allows attackers to execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34117 ‼
📖 Read
via "National Vulnerability Database".
SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in function getUserName in the username parameter, allows attackers to gain sensitive information.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0849 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221152.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38935 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in NiterForum version 2.5.0-beta in /src/main/java/cn/niter/forum/api/SsoApi.java and /src/main/java/cn/niter/forum/controller/AdminController.java, allows attackers to gain escalated privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21120 ‼
📖 Read
via "National Vulnerability Database".
SQL Injection vulnerability in file home\controls\cart.class.php in UQCMS 2.1.3, allows attackers execute arbitrary commands via the cookie_cart parameter to /index.php/cart/num.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-19825 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php, allows attackers to gain escalated privileges.📖 Read
via "National Vulnerability Database".