‼ CVE-2022-48149 ‼
📖 Read
via "National Vulnerability Database".
Online Student Admission System in PHP Free Source Code 1.0 was discovered to contain a SQL injection vulnerability via the username parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0885 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart.📖 Read
via "National Vulnerability Database".
‼ CVE-2017-1069 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2017-1028 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2017-1064 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.📖 Read
via "National Vulnerability Database".
🔥2
‼ CVE-2023-25621 ‼
📖 Read
via "National Vulnerability Database".
Privilege Escalation vulnerability in Apache Software Foundation Apache Sling. Any content author is able to create i18n dictionaries in the repository in a location the author has write access to. As these translations are used across the whole product, it allows an author to change any text or dialog in the product. For example an attacker might fool someone by changing the text on a delete button to "Info". This issue affects the i18n module of Apache Sling up to version 2.5.18. Version 2.6.2 and higher limit by default i18m dictionaries to certain paths in the repository (/libs and /apps). Users of the module are advised to update to version 2.6.2 or higher, check the configuration for resource loading and then adjust the access permissions for the configured path accordingly.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45032 ‼
📖 Read
via "National Vulnerability Database".
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0939 ‼
📖 Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NTN Information Technologies Online Services Software allows SQL Injection.This issue affects Online Services Software: before 1.17.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48341 ‼
📖 Read
via "National Vulnerability Database".
ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26462 ‼
📖 Read
via "National Vulnerability Database".
ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. (To read this stored data, the attacker needs access to the application server or its source code.)📖 Read
via "National Vulnerability Database".
🕴 This Will Be the Year of the SBOM, for Better or for Worse 🕴
📖 Read
via "Dark Reading".
Sharing attestations on software supply chain data that are formed into a policy will give us a framework to interpret risk and develop compliance directives.📖 Read
via "Dark Reading".
Dark Reading
This Will Be the Year of the SBOM, for Better or for Worse
Sharing attestations on software supply chain data that are formed into a policy will give us a framework to interpret risk and develop compliance directives.
🗓️ NIST plots biggest ever reform of Cybersecurity Framework 🗓️
📖 Read
via "The Daily Swig".
CSF 2.0 blueprint offered up for public review📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
NIST plots biggest ever reform of Cybersecurity Framework
CSF 2.0 blueprint offered up for public review
👍1
‼ CVE-2023-0869 ‼
📖 Read
via "National Vulnerability Database".
Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0986 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. This affects an unknown part of the file admin/?page=user/manage_user of the component Edit User. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-221679.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48343 ‼
📖 Read
via "National Vulnerability Database".
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24104 ‼
📖 Read
via "National Vulnerability Database".
Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0868 ‼
📖 Read
via "National Vulnerability Database".
Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48344 ‼
📖 Read
via "National Vulnerability Database".
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0987 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file index.php?page=checkout. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221680.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48342 ‼
📖 Read
via "National Vulnerability Database".
In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23659 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in MainWP Matomo Extension <= 4.0.4 versions.📖 Read
via "National Vulnerability Database".