‼ CVE-2022-4462 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This vulnerability could allow a user to unmask the Discord Webhook URL through viewing the raw API response.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1084 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may create a Project Access Token with Owner level privileges using a crafted request.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0483 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datadog integration API key by modifying the site.📖 Read
via "National Vulnerability Database".
🕴 US Lawmakers Face Cyberattacks, Potential Physical Harm After DC Health Link Breach 🕴
📖 Read
via "Dark Reading".
The threat actor who posted the data for sale has claimed credit for multiple other breaches, including one at grocery platform Weee! that exposed data on more than 1.1 million customers.📖 Read
via "Dark Reading".
Dark Reading
US Lawmakers Face Cyberattacks, Potential Physical Harm After DC Health Link Breach
The threat actor who posted the data for sale has claimed credit for multiple other breaches, including one at grocery platform Weee! that exposed data on more than 1.1 million customers.
🕴 IceFire Ransomware Portends a Broader Shift From Windows to Linux 🕴
📖 Read
via "Dark Reading".
IceFire has changed up its OS target in recent cyberattacks, emblematic of ransomware actors increasingly targeting Linux enterprise networks, despite the extra work involved.📖 Read
via "Dark Reading".
Dark Reading
IceFire Ransomware Portends a Broader Shift From Windows to Linux
IceFire has changed up its OS target in recent cyberattacks, emblematic of ransomware actors increasingly targeting Linux enterprise networks, despite the extra work involved.
🕴 AT&T Vendor Breach Exposes Data on 9M Wireless Accounts 🕴
📖 Read
via "Dark Reading".
AT&T is notifying customers of a Customer Proprietary Network Information compromise, exposing years-old upgrade details.📖 Read
via "Dark Reading".
Dark Reading
AT&T Vendor Breach Exposes Data on 9M Wireless Accounts
AT&T is notifying customers of a Customer Proprietary Network Information compromise, exposing years-old upgrade details.
🕴 Forrester Study Reveals Businesses Are Insufficiently Prepared to Manage Enterprise Risks 🕴
📖 Read
via "Dark Reading".
Study underscores the clear and pressing need for real-time physical and cyber threat alerts for effective enterprise risk management and business resilience.📖 Read
via "Dark Reading".
Dark Reading
Forrester Study Reveals Businesses Are Insufficiently Prepared to Manage Enterprise Risks
Study underscores the clear and pressing need for real-time physical and cyber threat alerts for effective enterprise risk management and business resilience.
🕴 ThreatBlockr Announces Partnership With Engaged Security Partners 🕴
📖 Read
via "Dark Reading".
This strategic partnership highlights the importance of breach prevention and creating a proactive security culture.📖 Read
via "Dark Reading".
Dark Reading
ThreatBlockr Announces Partnership With Engaged Security Partners
This strategic partnership highlights the importance of breach prevention and creating a proactive security culture.
🕴 Keeper Security Issues Top 5 Cybersecurity Tips for 2023 College Basketball Tournament 🕴
📖 Read
via "Dark Reading".
📖 Read
via "Dark Reading".
Dark Reading
Keeper Security Issues Top 5 Cybersecurity Tips for 2023 College Basketball Tournament
CHICAGO, March 9, 2023 /PRNewswire/ -- March is an exciting time for diehard and casual college basketball fans alike, but anyone planning to have fun around the tournament should stay vigilant to protect their personal and financial information from cyberthreats.…
🕴 Avast Introduces Avast One Platinum 🕴
📖 Read
via "Dark Reading".
New premium service provides all-in-one personal protection beyond device security to include identity restoration and unlimited 24/7 tech support.📖 Read
via "Dark Reading".
Dark Reading
Avast Introduces Avast One Platinum
New premium service provides all-in-one personal protection beyond device security to include identity restoration and unlimited 24/7 tech support.
‼ CVE-2023-27212 ‼
📖 Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in /php-opos/signup.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26957 ‼
📖 Read
via "National Vulnerability Database".
onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27210 ‼
📖 Read
via "National Vulnerability Database".
Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27213 ‼
📖 Read
via "National Vulnerability Database".
Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1302 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in SourceCodester File Tracker Manager System 1.0. This affects an unknown part of the file normal/borrow1.php. The manipulation of the argument id with the input 1"><script>alert(1111)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222663.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4331 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it's possible previously removed malicious maintainer or owner of the child group can still gain access to the group via SSO or a SCIM token to perform actions on the group.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27202 ‼
📖 Read
via "National Vulnerability Database".
Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/receipt.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20049 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed BFD packets that are received on line cards where the BFD hardware offload feature is enabled. An attacker could exploit this vulnerability by sending a crafted IPv4 BFD packet to an affected device. A successful exploit could allow the attacker to cause line card exceptions or a hard reset, resulting in loss of traffic over that line card while the line card reloads.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3381 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27204 ‼
📖 Read
via "National Vulnerability Database".
Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/manage_user.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27490 ‼
📖 Read
via "National Vulnerability Database".
NextAuth.js is an open source authentication solution for Next.js applications. `next-auth` applications using OAuth provider versions before `v4.20.1` have been found to be subject to an authentication vulnerability. A bad actor who can read traffic on the victim's network or who is able to social engineer the victim to click a manipulated login link could intercept and tamper with the authorization URL to **log in as the victim**, bypassing the CSRF protection. This is due to a partial failure during a compromised OAuth session where a session code is erroneously generated. This issue has been addressed in version 4.20.1. Users are advised to upgrade. Users unable to upgrade may using Advanced Initialization, manually check the callback request for state, pkce, and nonce against the provider configuration to prevent this issue. See the linked GHSA for details.📖 Read
via "National Vulnerability Database".