βΌ CVE-2023-1315 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1316 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1321 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in lmxcms 1.41 and classified as critical. Affected by this vulnerability is the function update of the file AcquisiAction.class.php. The manipulation of the argument id with the input -1 and updatexml(0,concat(0x7e,user()),1)# leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222727.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1318 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6.π Read
via "National Vulnerability Database".
π₯1
βΌ CVE-2023-27164 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file.π Read
via "National Vulnerability Database".
π₯1
β SHEIN shopping app goes rogue, grabs price and URL data from your clipboard β
π Read
via "Naked Security".
It's not exactly data theft, but it's worrying close to "unintentional treachery" - apparently because it's great for marketing purposesπ Read
via "Naked Security".
Naked Security
SHEIN shopping app goes rogue, grabs price and URL data from your clipboard
Itβs not exactly data theft, but itβs worryingly close to βunintentional treacheryβ β apparently because itβs great for marketing purposes
π΄ Unpatched Zero-Day Bugs in Smart Intercom Allow Remote Eavesdropping π΄
π Read
via "Dark Reading".
A video-enabled smart intercom made by Chinese company Akuvox has major security vulnerabilities that allow audio and video spying, and the company has so far been unresponsive to the discoveries.π Read
via "Dark Reading".
Dark Reading
Unpatched Zero-Day Bugs in Smart Intercom Allow Remote Eavesdropping
A video-enabled smart intercom made by Chinese company Akuvox has major security vulnerabilities that allow audio and video spying, and the company has so far been unresponsive to the discoveries.
βΌ CVE-2023-27852 βΌ
π Read
via "National Vulnerability Database".
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27850 βΌ
π Read
via "National Vulnerability Database".
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27853 βΌ
π Read
via "National Vulnerability Database".
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26075 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, Exynos Auto T5123, and Exynos W920. An intra-object overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the Service Area List.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27851 βΌ
π Read
via "National Vulnerability Database".
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbitrary code on the device.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1205 βΌ
π Read
via "National Vulnerability Database".
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1328 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Guizhou 115cms 4.2. It has been classified as problematic. Affected is an unknown function of the file /admin/content/index. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222738 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1334 βΌ
π Read
via "National Vulnerability Database".
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify the plugin's cache.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1343 βΌ
π Read
via "National Vulnerability Database".
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the attach_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1337 βΌ
π Read
via "National Vulnerability Database".
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1345 βΌ
π Read
via "National Vulnerability Database".
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queue_posts function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1342 βΌ
π Read
via "National Vulnerability Database".
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucss_connect function. This makes it possible for unauthenticated attackers to connect the site to a new license key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1340 βΌ
π Read
via "National Vulnerability Database".
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_uucss_logs function. This makes it possible for unauthenticated attackers to clear plugin logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1338 βΌ
π Read
via "National Vulnerability Database".
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify cache rules.π Read
via "National Vulnerability Database".