βΌ CVE-2023-26982 βΌ
π Read
via "National Vulnerability Database".
Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1680 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in Xunrui CMS 4.61. This issue affects some unknown processing of the file /dayrui/My/View/main.html. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224237 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-1663 βΌ
π Read
via "National Vulnerability Database".
Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and its contents are accessible. 5.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C)π Read
via "National Vulnerability Database".
βΌ CVE-2023-1575 βΌ
π Read
via "National Vulnerability Database".
The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.π Read
via "National Vulnerability Database".
β€1
β Cops use fake DDoS services to take aim at wannabe cybercriminals β
π Read
via "Naked Security".
Thinking of trying a bit of DDoSsing to get a feel for life at the fringes of the Dark Side? Don't do it!π Read
via "Naked Security".
Naked Security
Cops use fake DDoS services to take aim at wannabe cybercriminals
Thinking of trying a bit of DDoSsing to get a feel for life at the fringes of the Dark Side? Donβt do it!
β Apple patches everything, including a zero-day fix for iOS 15 users β
π Read
via "Naked Security".
Got an older iPhone that can't run iOS 16? You've got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Using Observability to Power a Smarter Cybersecurity Strategy π΄
π Read
via "Dark Reading".
With an infrastructure for observability, security teams can make better decisions about access and identity-based threats.π Read
via "Dark Reading".
Dark Reading
Using Observability to Power a Smarter Cybersecurity Strategy
With an infrastructure for observability, security teams can make better decisions about access and identity-based threats.
π΄ Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits π΄
π Read
via "Dark Reading".
Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits.π Read
via "Dark Reading".
Dark Reading
Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits
Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits.
βΌ CVE-2023-1704 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1550 βΌ
π Read
via "National Vulnerability Database".
Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when the non-default trace level logging is enabled. Note: NGINX Agent is included with NGINX Instance Manager and used in conjunction with NGINX API Connectivity Manager, and NGINX Management Suite Security Monitoring.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26290 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_reset_request.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_reset_request.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47596 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeffrey-WP Media Library Categories plugin <= 1.9.9 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26968 βΌ
π Read
via "National Vulnerability Database".
In Atrocore 1.5.25, the Create Import Feed option with glyphicon-glyphicon-paperclip function is vulnerable to Unauthenticated File upload.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48434 βΌ
π Read
via "National Vulnerability Database".
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).π Read
via "National Vulnerability Database".
βΌ CVE-2023-1703 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27167 βΌ
π Read
via "National Vulnerability Database".
Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1.π Read
via "National Vulnerability Database".
π€―1
βΌ CVE-2023-1701 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.20.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26292 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_submit.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_submit.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26291 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_form.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_form.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1702 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.π Read
via "National Vulnerability Database".
π΄ Cybersecurity Investment and M&A Activity Slowed in Q1, 2023 π΄
π Read
via "Dark Reading".
Security analysts expect little improvement until at least the second half of the year.π Read
via "Dark Reading".
Dark Reading
Cybersecurity Investment Outlook Remains Grim as Funding Activity Sharply Declines
Security analysts expect little improvement until at least the second half of the year.