🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-24189 ‼

An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile.

via "National Vulnerability Database".
‼ CVE-2021-34249 ‼

SQL injection vulnerability in sourcecodester online-book-store 1.0 allows remote attackers to view sensitive information via the id parameter in the application URL.

via "National Vulnerability Database".
πŸ‘1
‼ CVE-2021-34167 ‼

Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php.

via "National Vulnerability Database".
📢 The UN's cyber crime treaty could be a privacy disaster 📢

Although a UN committee is fleshing out a new international cyber crime treaty, experts question whether it’ll make any positive difference to businesses

via "ITPro".
📢 LockBit leaks 44GB of Royal Mail's data, new £33m ransom set 📢

200 employees are believed to be affected with vaccine records, salary information, HR formal dismissal documents, and business contract documents all appearing to be included in the leak

via "ITPro".
πŸ‘3
‼ CVE-2023-1035 ‼

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been classified as critical. Affected is an unknown function of the file update_user.php. The manipulation of the argument user_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221784.

via "National Vulnerability Database".
‼ CVE-2022-2024 ‼

OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11.

via "National Vulnerability Database".
πŸ‘1
‼ CVE-2023-26550 ‼

A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field.

via "National Vulnerability Database".
πŸ‘1
‼ CVE-2022-48362 ‼

Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. (The attacker could authenticate by exploiting CVE-2021-44515.)

via "National Vulnerability Database".
‼ CVE-2023-26091 ‼

The frp_form_answers (aka Forms Export) extension before 3.1.2, and 4.x before 4.0.2, for TYPO3 allows XSS via saved emails.

via "National Vulnerability Database".
‼ CVE-2019-25105 ‼

A vulnerability, which was classified as problematic, was found in dro.pm. This affects an unknown part of the file web/fileman.php. The manipulation of the argument secret/key leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The name of the patch is fa73c3a42bc5c246a1b8f815699ea241aef154bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221763.

via "National Vulnerability Database".
‼ CVE-2021-3329 ‼

Lack of proper validation in HCI Host stack initialization can cause a crash of the Bluetooth stack.

via "National Vulnerability Database".
πŸ‘1
‼ CVE-2023-1048 ‼

A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5. This issue affects some unknown processing in the library WinRing0x64.sys. The manipulation leads to improper initialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221807.

via "National Vulnerability Database".
‼ CVE-2023-1043 ‼

A vulnerability was found in MuYuCMS 2.2. It has been classified as problematic. Affected is an unknown function of the file /editor/index.php. The manipulation of the argument dir_path leads to relative path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221802 is the identifier assigned to this vulnerability.

via "National Vulnerability Database".
‼ CVE-2023-1045 ‼

A vulnerability was found in MuYuCMS 2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin.php/accessory/filesdel.html. The manipulation of the argument filedelur leads to relative path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221804.

via "National Vulnerability Database".
‼ CVE-2023-1046 ‼

A vulnerability classified as critical has been found in MuYuCMS 2.2. This affects an unknown part of the file /admin.php/update/getFile.html. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221805 was assigned to this vulnerability.

via "National Vulnerability Database".
‼ CVE-2023-1042 ‼

A vulnerability has been found in SourceCodester Online Pet Shop We App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /pet_shop/admin/orders/update_status.php. The manipulation of the argument oid with the input 1"><script>alert(1111)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221800.

via "National Vulnerability Database".
‼ CVE-2023-1044 ‼

A vulnerability was found in MuYuCMS 2.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /editor/index.php. The manipulation of the argument file_path leads to relative path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221803.

via "National Vulnerability Database".
‼ CVE-2023-1047 ‼

A vulnerability classified as critical was found in TechPowerUp RealTemp 3.7.0.0. This vulnerability affects unknown code in the library WinRing0x64.sys. The manipulation leads to improper initialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-221806 is the identifier assigned to this vulnerability.

via "National Vulnerability Database".
‼ CVE-2023-26602 ‼

ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.

via "National Vulnerability Database".
‼ CVE-2022-48363 ‼

In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer.

via "National Vulnerability Database".
πŸ‘1