‼ CVE-2022-48341 ‼
📖 Read
via "National Vulnerability Database".
ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26462 ‼
📖 Read
via "National Vulnerability Database".
ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. (To read this stored data, the attacker needs access to the application server or its source code.)📖 Read
via "National Vulnerability Database".
🕴 This Will Be the Year of the SBOM, for Better or for Worse 🕴
📖 Read
via "Dark Reading".
Sharing attestations on software supply chain data that are formed into a policy will give us a framework to interpret risk and develop compliance directives.📖 Read
via "Dark Reading".
Dark Reading
This Will Be the Year of the SBOM, for Better or for Worse
Sharing attestations on software supply chain data that are formed into a policy will give us a framework to interpret risk and develop compliance directives.
🗓️ NIST plots biggest ever reform of Cybersecurity Framework 🗓️
📖 Read
via "The Daily Swig".
CSF 2.0 blueprint offered up for public review📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
NIST plots biggest ever reform of Cybersecurity Framework
CSF 2.0 blueprint offered up for public review
👍1
‼ CVE-2023-0869 ‼
📖 Read
via "National Vulnerability Database".
Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0986 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. This affects an unknown part of the file admin/?page=user/manage_user of the component Edit User. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-221679.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48343 ‼
📖 Read
via "National Vulnerability Database".
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24104 ‼
📖 Read
via "National Vulnerability Database".
Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0868 ‼
📖 Read
via "National Vulnerability Database".
Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48344 ‼
📖 Read
via "National Vulnerability Database".
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0987 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file index.php?page=checkout. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221680.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48342 ‼
📖 Read
via "National Vulnerability Database".
In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23659 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in MainWP Matomo Extension <= 4.0.4 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24384 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart <= 1.4.4 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0988 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in SourceCodester Online Pizza Ordering System 1.0. This issue affects some unknown processing of the file admin/ajax.php?action=save_user. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221681 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0867 ‼
📖 Read
via "National Vulnerability Database".
Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to confidential session information.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24415 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud ChatBot ? plugin <= 4.2.8 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0815 ‼
📖 Read
via "National Vulnerability Database".
Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug.📖 Read
via "National Vulnerability Database".
🕴 (ISC)² Opens Security Congress 2023 Call for Presentations 🕴
📖 Read
via "Dark Reading".
(ISC)2 members and cybersecurity professionals worldwide are encouraged to share their expertise, best practices and experiences with their peers and career hopefuls.📖 Read
via "Dark Reading".
Dark Reading
(ISC)² Opens Security Congress 2023 Call for Presentations
(ISC)2 members and cybersecurity professionals worldwide are encouraged to share their expertise, best practices and experiences with their peers and career hopefuls.
⚠ NPM JavaScript packages abused to create scambait links in bulk ⚠
📖 Read
via "Naked Security".
Free spins? Bonus game points? Cheap social media followers? What harm could it possibly do if you just take a tiny little look?!📖 Read
via "Naked Security".
Naked Security
NPM JavaScript packages abused to create scambait links in bulk
Free spins? Bonus game points? Cheap social media followers? What harm could it possibly do if you just take a tiny little look?!
🕴 Why Are My Employees Integrating With So Many Unsanctioned SaaS Apps? 🕴
📖 Read
via "Dark Reading".
Before adopting SaaS apps, companies should set security guardrails to vet new vendors and check security integration for misconfiguration risks.📖 Read
via "Dark Reading".
Dark Reading
Why Are My Employees Integrating With So Many Unsanctioned SaaS Apps?
Before adopting SaaS apps, companies should set security guardrails to vet new vendors and check security integration for misconfiguration risks.