βΌ CVE-2023-22288 βΌ
π Read
via "National Vulnerability Database".
HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emailsπ Read
via "National Vulnerability Database".
βΌ CVE-2023-0630 βΌ
π Read
via "National Vulnerability Database".
The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0340 βΌ
π Read
via "National Vulnerability Database".
The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. RCE could also be achieved if the attacker manage to upload a malicious image containing PHP code, and then include it via the affected attribute, on a default WP install, authors could easily achieve that given that they have the upload_file capability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0369 βΌ
π Read
via "National Vulnerability Database".
The GoToWP WordPress plugin through 5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0875 βΌ
π Read
via "National Vulnerability Database".
The WP Meta SEO WordPress plugin before 4.5.3 does not properly sanitize and escape inputs into SQL queries, leading to a blind SQL Injection vulnerability that can be exploited by subscriber+ users.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0145 βΌ
π Read
via "National Vulnerability Database".
The Saan World Clock WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0865 βΌ
π Read
via "National Vulnerability Database".
The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin before 21.7 does not ensure that the address to add/update/retrieve/delete and duplicate belong to the user making the request, or is from a high privilege users, allowing any authenticated users, such as subscriber to add/update/duplicate/delete as well as retrieve addresses of other users.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0175 βΌ
π Read
via "National Vulnerability Database".
The Responsive Clients Logo Gallery Plugin for WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0370 βΌ
π Read
via "National Vulnerability Database".
The WPB Advanced FAQ WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0365 βΌ
π Read
via "National Vulnerability Database".
The React Webcam WordPress plugin through 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0911 βΌ
π Read
via "National Vulnerability Database".
The WordPress Shortcodes Plugin Γ’β¬β Shortcodes Ultimate WordPress plugin before 5.12.8 does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as subscriber to retrieve arbitrary user meta (except the user_pass), such as the user email and activation key by default.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0631 βΌ
π Read
via "National Vulnerability Database".
The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1517 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.19.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0890 βΌ
π Read
via "National Vulnerability Database".
The WordPress Shortcodes Plugin Γ’β¬β Shortcodes Ultimate WordPress plugin before 5.12.8 does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber to view draft, private or even password protected posts. It is also possible to leak the password of protected postsπ Read
via "National Vulnerability Database".
π΄ AI Has Your Business Data π΄
π Read
via "Dark Reading".
No-code has lowered the barrier for non-developers to create applications. AI will completely eliminate it.π Read
via "Dark Reading".
Dark Reading
AI Has Your Business Data
No-code has lowered the barrier for non-developers to create applications. Artificial intelligence will completely eliminate it.
π΄ Mirai Hackers Use Golang to Create a Bigger, Badder DDoS Botnet π΄
π Read
via "Dark Reading".
With HinataBot, malware authors have created a beast many times more efficient than even the scariest botnets of old, packing more than 3Tbit/s DDoS speeds.π Read
via "Dark Reading".
Dark Reading
Mirai Hackers Use Golang to Create a Bigger, Badder DDoS Botnet
With HinataBot, malware authors have created a beast many times more efficient than even the scariest botnets of old, packing more than 3Tbit/s DDoS speeds.
π΄ ChatGPT Gut Check: Cybersecurity Threats Overhyped or Not? π΄
π Read
via "Dark Reading".
UK cybersecurity authorities and researchers tamp down fears that ChatGPT will overwhelm current defenses, while the CEO of OpenAI worries about its use in cyberattacks.π Read
via "Dark Reading".
Dark Reading
ChatGPT Gut Check: Cybersecurity Threats Overhyped or Not?
UK cybersecurity authorities and researchers tamp down fears that ChatGPT will overwhelm current defenses, while the CEO of OpenAI worries about its use in cyberattacks.
βΌ CVE-2023-28425 βΌ
π Read
via "National Vulnerability Database".
Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-43663 βΌ
π Read
via "National Vulnerability Database".
An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0681 βΌ
π Read
via "National Vulnerability Database".
Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attackerΓ’β¬β’s choice using the Γ’β¬ΛpageΓ’β¬β’ parameter of the Γ’β¬Λdata/console/redirectΓ’β¬β’ component of the application. This issue was resolved in the February, 2023 release of version 6.6.179.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45124 βΌ
π Read
via "National Vulnerability Database".
An information disclosure vulnerability exists in the User authentication functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can sniff network traffic to leverage this vulnerability.π Read
via "National Vulnerability Database".