‼ CVE-2023-1344 ‼
📖 Read
via "National Vulnerability Database".
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucss_update_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1336 ‼
📖 Read
via "National Vulnerability Database".
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to disable caching.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1335 ‼
📖 Read
via "National Vulnerability Database".
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to connect a new license key to the site.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1339 ‼
📖 Read
via "National Vulnerability Database".
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to update caching rules.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1346 ‼
📖 Read
via "National Vulnerability Database".
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_page_cache function. This makes it possible for unauthenticated attackers to clear the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1341 ‼
📖 Read
via "National Vulnerability Database".
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ajax_deactivate function. This makes it possible for unauthenticated attackers to turn off caching via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1333 ‼
📖 Read
via "National Vulnerability Database".
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete the plugin's cache.📖 Read
via "National Vulnerability Database".
🕴 ChatGPT Browser Extension Hijacks Facebook Business Accounts 🕴
📖 Read
via "Dark Reading".
Between March 3 and March 9, at least 2,000 people a day downloaded the malicious "Quick access to ChatGPT" Chrome extension from the Google Play app store.📖 Read
via "Dark Reading".
Dark Reading
ChatGPT Browser Extension Hijacks Facebook Business Accounts
Between March 3 and March 9, at least 2,000 people a day downloaded the malicious "Quick access to ChatGPT" Chrome extension from the Google Play app store.
🕴 And the Cyberattack Goes To ... Oscar-Nominated Film Fans 🕴
📖 Read
via "Dark Reading".
With the rise of cybercriminals targeting online piracy, this year's Oscar-nom fans need to be especially careful not to download malicious files while attempting to watch popular films for free.📖 Read
via "Dark Reading".
Dark Reading
And the Cyberattack Goes to ... Fans of Oscar-Nominated Films
With the rise of cybercriminals targeting online piracy, this year's Oscar-nom fans need to be especially careful not to download malicious files while attempting to watch popular films for free.
‼ CVE-2022-47457 ‼
📖 Read
via "National Vulnerability Database".
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40531 ‼
📖 Read
via "National Vulnerability Database".
Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27788 ‼
📖 Read
via "National Vulnerability Database".
HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability. By tricking a user into clicking a crafted URL, a remote unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22075 ‼
📖 Read
via "National Vulnerability Database".
Information Disclosure in Graphics during GPU context switch.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40540 ‼
📖 Read
via "National Vulnerability Database".
Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40530 ‼
📖 Read
via "National Vulnerability Database".
Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-33254 ‼
📖 Read
via "National Vulnerability Database".
Transient DOS due to reachable assertion in Modem while processing SIB1 Message.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44574 ‼
📖 Read
via "National Vulnerability Database".
An improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthenticated attacker to modify properties on specific port.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-33278 ‼
📖 Read
via "National Vulnerability Database".
Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37939 ‼
📖 Read
via "National Vulnerability Database".
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and Superdome Flex 280 Servers v1.45.8.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27898 ‼
📖 Read
via "National Vulnerability Database".
Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-33256 ‼
📖 Read
via "National Vulnerability Database".
Memory corruption due to improper validation of array index in Multi-mode call processor.📖 Read
via "National Vulnerability Database".