βΌ CVE-2023-0931 βΌ
π Read
via "National Vulnerability Database".
Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)π Read
via "National Vulnerability Database".
βΌ CVE-2023-0964 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. Affected is an unknown function of the file admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. VDB-221634 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25813 βΌ
π Read
via "National Vulnerability Database".
Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fixed in Sequelize 6.19.1. Users are advised to upgrade. Users unable to upgrade should not use the `replacements` and the `where` option in the same query.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0961 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been classified as critical. This affects an unknown part of the file view_music_details.php of the component GET Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221631.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0962 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been declared as critical. This vulnerability affects unknown code of the file Master.php of the component GET Request Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221632.π Read
via "National Vulnerability Database".
π΄ UL Solutions Advances Automotive Safety and Security π΄
π Read
via "Dark Reading".
A combined team of UL Solutions safety science experts will address automotive cybersecurity, functional safety, automated driving and software development processes to help customers bring safer, more secure innovations to market.π Read
via "Dark Reading".
Dark Reading
UL Solutions Advances Automotive Safety and Security
A combined team of UL Solutions safety science experts will address automotive cybersecurity, functional safety, automated driving and software development processes to help customers bring safer, more secure innovations to market.
π΄ Scammers Mimic ChatGPT to Steal Business Credentials π΄
π Read
via "Dark Reading".
Hackers will take anything newsworthy and turn it against you, including the world's most advanced AI-enabled chatbot.π Read
via "Dark Reading".
Dark Reading
Scammers Mimic ChatGPT to Steal Business Credentials
Hackers will take anything newsworthy and turn it against you, including the world's most advanced AI-enabled chatbot.
βΌ CVE-2023-24114 βΌ
π Read
via "National Vulnerability Database".
typecho 1.1/17.10.30 was discovered to contain a remote code execution (RCE) vulnerability via install.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22974 βΌ
π Read
via "National Vulnerability Database".
A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45599 βΌ
π Read
via "National Vulnerability Database".
Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulnerable to PHP Type Juggling in file /var/www/login.php, allows attackers to gain escalated privileges only when specific conditions regarding a given accounts hashed password.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29273 βΌ
π Read
via "National Vulnerability Database".
pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22972 βΌ
π Read
via "National Vulnerability Database".
A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45600 βΌ
π Read
via "National Vulnerability Database".
Aztech WMB250AC Mesh Routers Firmware Version 016 2020 devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login.π Read
via "National Vulnerability Database".
π€1
βΌ CVE-2021-33367 βΌ
π Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0104 βΌ
π Read
via "National Vulnerability Database".
The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the userΓ’β¬β’s computer or gain access to sensitive data.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39983 βΌ
π Read
via "National Vulnerability Database".
File upload vulnerability in Instantdeveloper RD3 22.0.8500, allows attackers to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22973 βΌ
π Read
via "National Vulnerability Database".
A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2017-1024 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2017-1005 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2017-1021 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2017-1027 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.π Read
via "National Vulnerability Database".