‼ CVE-2023-1029 ‼
via "National Vulnerability Database".
The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the regenerateSitemaps function. This makes it possible for unauthenticated attackers to regenerate Sitemaps via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
‼ CVE-2023-1030 ‼
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Online Boat Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /boat/login.php of the component POST Parameter Handler. The manipulation of the argument un leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221755.
🔴 Tackling Software Supply Chain Issues With CNAPP 🔴
via "Dark Reading".
The cloud-native application protection platform market is expanding as security teams look to protect their applications and the software supply chain.
‼ CVE-2021-34248 ‼
via "National Vulnerability Database".
SQL injection vulnerability in sourcecodester mobile-shop-system-php-mysql 1.0 allows remote attackers to log in via crafted string in the email field of the log in page.
‼ CVE-2021-35290 ‼
via "National Vulnerability Database".
File Upload vulnerability in balerocms-src 0.8.3 allows remote attackers to run arbitrary code via rich text editor on /admin/main/mod-blog page.
‼ CVE-2023-24189 ‼
via "National Vulnerability Database".
An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile.
‼ CVE-2021-34249 ‼
via "National Vulnerability Database".
SQL injection vulnerability in sourcecodester online-book-store 1.0 allows remote attackers to view sensitive information via the id parameter in application URL.
‼ CVE-2021-34167 ‼
via "National Vulnerability Database".
Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php.
📢 The UN's cyber crime treaty could be a privacy disaster 📢
via "ITPro".
Although a UN committee is fleshing out a new international cyber crime treaty, experts question whether it'll make any positive difference to businesses
📢 LockBit leaks 44GB of Royal Mail's data, new £33m ransom set 📢
via "ITPro".
200 employees are believed to be affected with vaccine records, salary information, HR formal dismissal documents, and business contract documents all appearing to be included in the leak
‼ CVE-2023-1035 ‼
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been classified as critical. Affected is an unknown function of the file update_user.php. The manipulation of the argument user_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221784.
‼ CVE-2022-2024 ‼
via "National Vulnerability Database".
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11.
‼ CVE-2023-26550 ‼
via "National Vulnerability Database".
A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field.
‼ CVE-2022-48362 ‼
via "National Vulnerability Database".
Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. (The attacker could authenticate by exploiting CVE-2021-44515.)
‼ CVE-2023-26091 ‼
via "National Vulnerability Database".
The frp_form_answers (aka Forms Export) extension before 3.1.2, and 4.x before 4.0.2, for TYPO3 allows XSS via saved emails.
‼ CVE-2019-25105 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in dro.pm. This affects an unknown part of the file web/fileman.php. The manipulation of the argument secret/key leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is fa73c3a42bc5c246a1b8f815699ea241aef154bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221763.
‼ CVE-2021-3329 ‼
via "National Vulnerability Database".
Lack of proper validation in HCI Host stack initialization can cause a crash of the Bluetooth stack.
‼ CVE-2023-1048 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5. This issue affects some unknown processing in the library WinRing0x64.sys. The manipulation leads to improper initialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221807.
‼ CVE-2023-1043 ‼
via "National Vulnerability Database".
A vulnerability was found in MuYuCMS 2.2. It has been classified as problematic. Affected is an unknown function of the file /editor/index.php. The manipulation of the argument dir_path leads to relative path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221802 is the identifier assigned to this vulnerability.
‼ CVE-2023-1045 ‼
via "National Vulnerability Database".
A vulnerability was found in MuYuCMS 2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin.php/accessory/filesdel.html. The manipulation of the argument filedelur leads to relative path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221804.
‼ CVE-2023-1046 ‼
via "National Vulnerability Database".
A vulnerability classified as critical has been found in MuYuCMS 2.2. This affects an unknown part of the file /admin.php/update/getFile.html. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221805 was assigned to this vulnerability.