๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
@cibsecurity
25.8K subscribers
89.2K links
๐Ÿ—ž The finest daily news on cybersecurity and privacy.

๐Ÿ”” Daily releases.

๐Ÿ’ป Is your online life secure?

๐Ÿ“ฉ lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
25.8K subscribers
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-4327 โ€ผ

A vulnerability was found in SerenityOS. It has been rated as critical. Affected by this issue is the function initialize_typed_array_from_array_buffer in the library Userland/Libraries/LibJS/Runtime/TypedArray.cpp. The manipulation leads to integer overflow. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is f6c6047e49f1517778f5565681fb64750b14bf60. It is recommended to apply a patch to fix this issue. VDB-222074 is the identifier assigned to this vulnerability.

๐Ÿ“– Read

via "National Vulnerability Database".
375 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด Without FIDO2, MFA Falls Short ๐Ÿ•ด

The open authentication standard addresses existing multifactor authentication security vulnerabilities.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
Without FIDO2, MFA Falls Short
The open authentication standard addresses existing multifactor authentication security vulnerabilities.
327 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-45804 โ€ผ

Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.9 leading to galleries hierarchy change, included plugin deactivate & activate.

๐Ÿ“– Read

via "National Vulnerability Database".
274 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-1115 โ€ผ

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.

๐Ÿ“– Read

via "National Vulnerability Database".
237 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-45068 โ€ผ

Cross-Site Request Forgery (CSRF) vulnerability in Mercado Pago Mercado Pago payments for WooCommerce plugin <= 6.3.1.

๐Ÿ“– Read

via "National Vulnerability Database".
228 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-23974 โ€ผ

Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 affecting all registration actions (delete, delete all, edit, update).

๐Ÿ“– Read

via "National Vulnerability Database".
214 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-40198 โ€ผ

Cross-Site Request Forgery (CSRF) vulnerability in StandaloneTech TeraWallet รขโ‚ฌโ€œ For WooCommerce plugin <= 1.3.24 leading to plugin settings change.

๐Ÿ“– Read

via "National Vulnerability Database".
216 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-1064 โ€ผ

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Uzay Baskul Weighbridge Automation Software allows SQL Injection.This issue affects Weighbridge Automation Software: before 1.1.

๐Ÿ“– Read

via "National Vulnerability Database".
207 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-1117 โ€ผ

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.

๐Ÿ“– Read

via "National Vulnerability Database".
205 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-23973 โ€ผ

Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Contact Us Page รขโ‚ฌโ€œ Contact People plugin <= 3.7.0.

๐Ÿ“– Read

via "National Vulnerability Database".
211 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-1116 โ€ผ

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.

๐Ÿ“– Read

via "National Vulnerability Database".
226 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-23984 โ€ผ

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu รขโ‚ฌโ€œ circle floating menu plugin <= 3.0.1 leading to form deletion.

๐Ÿ“– Read

via "National Vulnerability Database".
252 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-46797 โ€ผ

Cross-Site Request Forgery (CSRF) vulnerability in Conversios All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce plugin <= 5.2.3 leads to plugin settings change.

๐Ÿ“– Read

via "National Vulnerability Database".
269 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-38468 โ€ผ

Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin รขโ‚ฌโ€œ NextGEN Gallery plugin <= 3.28 leading to thumbnail alteration.

๐Ÿ“– Read

via "National Vulnerability Database".
301 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด CISA: ZK Java Framework RCE Flaw Under Active Exploit ๐Ÿ•ด

The flaw, which drew attention in October when it was found in ConnectWise products, could pose a significant risk to the supply chain if not patched immediately.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
CISA: ZK Java Framework RCE Flaw Under Active Exploit
The flaw, which drew attention in October when it was found in ConnectWise products, could pose a significant risk to the supply chain if not patched immediately.
307 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-24755 โ€ผ

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

๐Ÿ“– Read

via "National Vulnerability Database".
265 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-25222 โ€ผ

A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12.5 via the bit_read_RC function at bits.c.

๐Ÿ“– Read

via "National Vulnerability Database".
252 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-46806 โ€ผ

Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Cart All In One For WooCommerce plugin <= 1.1.10 leading to cart modification.

๐Ÿ“– Read

via "National Vulnerability Database".
231 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-25544 โ€ผ

Dell NetWorker versions 19.5 and earlier contain 'Apache Tomcat' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attacks.

๐Ÿ“– Read

via "National Vulnerability Database".
187 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-24756 โ€ผ

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.

๐Ÿ“– Read

via "National Vulnerability Database".
167 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-46798 โ€ผ

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.5.1 leading to plugin settings change.

๐Ÿ“– Read

via "National Vulnerability Database".
152 views