βΌ CVE-2022-3760 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med.This issue affects Mia-Med: before 1.0.0.58.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1243 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1238 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1247 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 11.0.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1244 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1237 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1241 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1245 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.π Read
via "National Vulnerability Database".
π΄ Cyber Security Works to Rebrand As Securin Inc. π΄
π Read
via "Dark Reading".
Securin Inc. will provide tech-enabled security solutions, vulnerability intelligence and deep domain expertise.π Read
via "Dark Reading".
Dark Reading
Cyber Security Works to Rebrand As Securin Inc.
Securin Inc. will provide tech-enabled security solutions, vulnerability intelligence and deep domain expertise.
π΄ Ransomware's Favorite Target: Critical Infrastructure and Its Industrial Control Systems π΄
π Read
via "Dark Reading".
The health, manufacturing, and energy sectors are the most vulnerable to ransomware.π Read
via "Dark Reading".
Dark Reading
Ransomware's Favorite Target: Critical Infrastructure and Its Industrial Control Systems
The health, manufacturing, and energy sectors are the most vulnerable to ransomware.
βΌ CVE-2023-26955 βΌ
π Read
via "National Vulnerability Database".
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Admin Group module.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36669 βΌ
π Read
via "National Vulnerability Database".
The JetBackup Γ’β¬β WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the backup_guard_get_import_backup() function. This makes it possible for unauthenticated attackers to upload arbitrary files to the vulnerable site's server via a forged request, granted they can trick a site's administrator into performing an action such as clicking on a link.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44197 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System.This issue affects Student Information Management System: before 20211126.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26954 βΌ
π Read
via "National Vulnerability Database".
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Group module.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4330 βΌ
π Read
via "National Vulnerability Database".
The Envato Elements & Download and Template Kit Γ’β¬β Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This makes it possible for attackers with contributor-lever permissions and above to upload arbitrary files and potentially gain remote code execution in versions up to and including 1.0.13 of Template Kit Γ’β¬β Import and versions up to and including 2.0.10 of Envato Elements & Download.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36668 βΌ
π Read
via "National Vulnerability Database".
The JetBackup Γ’β¬β WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking on the backup_guard_get_manual_modal function called via an AJAX action. This makes it possible for subscriber-level attackers, and above, to invoke the function and obtain database table information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44196 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System.This issue affects Student Information Management System: before 20211126.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36667 βΌ
π Read
via "National Vulnerability Database".
The JetBackup Γ’β¬β WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive functions. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber to change to location of back-ups and potentially steal sensitive information from them.π Read
via "National Vulnerability Database".
π΄ Delinea Adds New features for its Privilege Manager and DevOps Secrets Vault π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Delinea Adds New features for its Privilege Manager and DevOps Secrets Vault
REDWOOD CITY, Calif., March 7, 2023 /PRNewswire/ -- Delinea, a leading provider of Privileged Access Management (PAM) solutions for seamless security, today announced new features for its Privilege Manager and DevOps Secrets Vault products. Updates to bothβ¦
π΄ Remcos RAT Spyware Scurries Into Machines via Cloud Servers π΄
π Read
via "Dark Reading".
Attackers use phishing emails that appear to come from reputable organizations, dropping the payload using public cloud servers and an old Windows UAC bypass technique.π Read
via "Dark Reading".
Dark Reading
Remcos RAT Spyware Scurries Into Machines via Cloud Servers
Attackers use phishing emails that appear to come from reputable organizations, dropping the payload using public cloud servers and an old Windows UAC bypass technique.