🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
CVE-2021-33639

The REMAP command of the SVM driver can be used to remap read-only memory as read-write, allowing read-only memory or files to be modified.

📖 Read

via "National Vulnerability Database".
CVE-2023-26948

onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download.

📖 Read

via "National Vulnerability Database".
CVE-2023-26110

All versions of the package node-bluetooth are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation.

📖 Read

via "National Vulnerability Database".
CVE-2023-26109

All versions of the package node-bluetooth-serial-port are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation.

📖 Read

via "National Vulnerability Database".
CVE-2023-27985

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification.

📖 Read

via "National Vulnerability Database".
CVE-2023-1251

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akinsoft Wolvox. This issue affects Wolvox: before 8.02.03.

📖 Read

via "National Vulnerability Database".
CVE-2023-27986

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters.

📖 Read

via "National Vulnerability Database".
CVE-2023-1286

Stored Cross-site Scripting (XSS) in GitHub repository pimcore/pimcore prior to 10.5.19.

📖 Read

via "National Vulnerability Database".
🕴 Critical RCE Bug Opens Fortinet's Secure Web Gateway to Takeover 🕴

Users should patch an unauthenticated remote code execution bug impacting FortiOS and FortiProxy administrative interfaces ASAP, Fortinet says.

📖 Read

via "Dark Reading".
CVE-2023-1292

A vulnerability has been found in SourceCodester Sales Tracker Management System 1.0 and classified as critical. This vulnerability affects the function delete_client of the file classes/Master.php. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222646 is the identifier assigned to this vulnerability.

📖 Read

via "National Vulnerability Database".
CVE-2023-26209

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory by sending numerous HTTP requests to the login form.

📖 Read

via "National Vulnerability Database".
CVE-2023-0845

Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.

📖 Read

via "National Vulnerability Database".
CVE-2023-1294

A vulnerability was found in SourceCodester File Tracker Manager System 1.0. It has been classified as critical. Affected is an unknown function of the file /file_manager/login.php of the component POST Parameter Handler. The manipulation of the argument username leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222648.

📖 Read

via "National Vulnerability Database".
CVE-2023-26208

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory by sending numerous HTTP requests to the login form.

📖 Read

via "National Vulnerability Database".
CVE-2023-1291

A vulnerability, which was classified as critical, was found in SourceCodester Sales Tracker Management System 1.0. This affects an unknown part of the file admin/clients/manage_client.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222645 was assigned to this vulnerability.

📖 Read

via "National Vulnerability Database".
CVE-2023-1293

A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. This issue affects the function mysqli_query of the file admin_cs.php. The manipulation leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222647.

📖 Read

via "National Vulnerability Database".
CVE-2023-1290

A vulnerability, which was classified as critical, has been found in SourceCodester Sales Tracker Management System 1.0. Affected by this issue is some unknown functionality of the file admin/clients/view_client.php. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222644.

📖 Read

via "National Vulnerability Database".
CVE-2022-29056

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory by sending numerous HTTP requests to the login form.

📖 Read

via "National Vulnerability Database".
🕴 Iranian APT Targets Female Activists With Mahsa Amini Protest Lures 🕴

A top Iranian, state-sponsored threat is a spear-phishing campaign that uses a fake Twitter persona to target women interested in Iranian political affairs and human rights.

📖 Read

via "Dark Reading".
🕴 How to Jump-Start Your Cybersecurity Career 🕴

With more than 700,000 cybersecurity jobs available, now is a good time to consider a career change.

📖 Read

via "Dark Reading".
🕴 Inside Threat: Developers Leaked 10M Credentials, Passwords in 2022 🕴

More than five out of every 1,000 commits to GitHub included a software secret, half again the rate in 2021, putting applications and businesses at risk.

📖 Read

via "Dark Reading".