🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-28422 ‼

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce <= 3.8.6. versions.

📖 Read

via "National Vulnerability Database".

268 views14:51

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-4224 ‼

In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.

📖 Read

via "National Vulnerability Database".

272 views14:51

🛡 Cybersecurity & Privacy 🛡 - News

🕴 Okta Post-Exploitation Method Exposes User Passwords 🕴

Accidentally typing a password in the username field of the platform saves them to audit logs, to which threat actors can gain access and use to compromise enterprise services.

📖 Read

via "Dark Reading".

Dark Reading

Okta Post-Exploitation Method Exposes User Passwords

Accidentally typing a password in the username field of the platform saves them to audit logs, to which threat actors can gain access and use to compromise enterprise services.

295 views15:50

🛡 Cybersecurity & Privacy 🛡 - News

⚠ Windows 11 also vulnerable to “aCropalypse” image data leakage ⚠

Turns out that the Windows 11 Snipping Tool has the same "aCropalypse" data leakage bug as Pixel phones. Here's how to work around the problem...

📖 Read

via "Naked Security".

Naked Security

Windows 11 also vulnerable to “aCropalypse” image data leakage

Turns out that the Windows 11 Snipping Tool has the same “aCropalypse” data leakage bug as Pixel phones. Here’s how to work around the problem…

265 views16:13

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-23728 ‼

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Winwar Media WP Flipclock plugin <= 1.7.4 versions.

📖 Read

via "National Vulnerability Database".

220 views16:41

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-28491 ‼

TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

📖 Read

via "National Vulnerability Database".

198 views16:41

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-27079 ‼

Command Injection vulnerability found in Tenda G103 v.1.0.05 allows an attacker to obtain sensitive information via a crafted package

📖 Read

via "National Vulnerability Database".

187 views16:41

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-23864 ‼

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Michael Aronoff Very Simple Google Maps plugin <= 2.8.4 versions.

📖 Read

via "National Vulnerability Database".

167 views16:41

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-28492 ‼

TOTOLINK Technology CPE with firmware V6.3c.566 ,allows remote attackers to bypass Login.

📖 Read

via "National Vulnerability Database".

162 views16:41

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-23722 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media WP eBay Product Feeds plugin <= 3.3.1 versions.

📖 Read

via "National Vulnerability Database".

156 views16:41

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-22712 ‼

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TemplatesNext TemplatesNext ToolKit plugin <= 3.2.7 versions.

📖 Read

via "National Vulnerability Database".

152 views16:41

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-22716 ‼

Auth. (admin+) Cross-Site Scripting vulnerability in OOPSpam OOPSpam Anti-Spam plugin <= 1.1.35 versions.

📖 Read

via "National Vulnerability Database".

146 views16:41

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-27078 ‼

A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint.

📖 Read

via "National Vulnerability Database".

146 views16:41

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-27077 ‼

Stack Overflow vulnerability found in 360 D901 allows a remote attacker to cause a Distributed Denial of Service (DDOS) via a crafted HTTP package.

📖 Read

via "National Vulnerability Database".

150 views16:41

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-22702 ‼

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WPMobile.App WPMobile.App â€” Android and iOS Mobile Application plugin <= 11.13 versions.

📖 Read

via "National Vulnerability Database".

152 views16:41

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-47589 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in this.Functional CTT Expresso para WooCommerce plugin <= 3.2.11 versions.

📖 Read

via "National Vulnerability Database".

154 views16:41

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-28493 ‼

A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start the Telnet service,

📖 Read

via "National Vulnerability Database".

153 views16:41

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-28772 ‼

An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.

📖 Read

via "National Vulnerability Database".

163 views16:41

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-27135 ‼

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg.

📖 Read

via "National Vulnerability Database".

172 views16:41

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-22715 ‼

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Lester 'GaMerZ' Chan WP-CommentNavi plugin <= 1.12.1 versions.

📖 Read

via "National Vulnerability Database".

184 views16:41

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-23650 ‼

Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in MainWP MainWP Code Snippets Extension plugin <= 4.0.2 versions.

📖 Read

via "National Vulnerability Database".

193 views16:41

About

Blog

Apps

Platform