CVE-2020-14140
via "National Vulnerability Database".
When Xiaomi router firmware was updated in 2020, an unauthenticated API could reveal the WiFi password. This vulnerability is caused by the lack of access control policies on some API interfaces. Attackers can exploit it to enter the backend and perform command injection there.
Spera Takes Aim at Identity Security Posture Management
via "Dark Reading".
ISPM is a combination of identity attack surface management and risk reduction, as well as identity threat prevention, detection, and response.
CVE-2023-1013
via "National Vulnerability Database".
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Virames Vira-Investing allows Cross-Site Scripting (XSS). This issue affects Vira-Investing: before 1.0.84.86.
CVE-2023-1014
via "National Vulnerability Database".
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Virames Vira-Investing allows Account Footprinting. This issue affects Vira-Investing: before 1.0.84.86.
CVE-2023-26117
via "National Vulnerability Database".
All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the use of an insecure regular expression. Exploiting this vulnerability is possible with a large, carefully crafted input, which can result in catastrophic backtracking.
CVE-2023-26118
via "National Vulnerability Database".
All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the use of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible with a large, carefully crafted input, which can result in catastrophic backtracking.
CVE-2023-26116
via "National Vulnerability Database".
All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the use of an insecure regular expression. Exploiting this vulnerability is possible with a large, carefully crafted input, which can result in catastrophic backtracking.
CVE-2023-23670
via "National Vulnerability Database".
Authenticated (contributor or higher) Cross-Site Scripting (XSS) vulnerability in the Team Heateor Fancy Comments WordPress plugin, versions <= 1.2.10.
CVE-2023-23675
via "National Vulnerability Database".
Authenticated (admin or higher) Stored Cross-Site Scripting (XSS) vulnerability in the Catchsquare WP Smart Preloader plugin, versions <= 1.15.
CVE-2023-23677
via "National Vulnerability Database".
Reflected Cross-Site Scripting (XSS) vulnerability in the GTmetrix for WordPress plugin by GTmetrix, versions <= 0.4.5.
CVE-2023-1712
via "National Vulnerability Database".
Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30.
CVE-2023-28935
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache UIMA DUCC. When using the "Distributed UIMA Cluster Computing" (DUCC) module of Apache UIMA, an authenticated user that has the permissions to modify core entities can cause command execution as the system user that runs the web process. As the "Distributed UIMA Cluster Computing" module for UIMA is retired, we do not plan to release a fix for this issue. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-1699
via "National Vulnerability Database".
Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187.
CVE-2023-28733
via "National Vulnerability Database".
AnyMailing Joomla Plugin is vulnerable to stored cross-site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when front-office campaign creation is enabled. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.
CVE-2023-28731
via "National Vulnerability Database".
AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution when front-office campaign creation is enabled, because an unrestricted file upload allows PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.
CVE-2023-28732
via "National Vulnerability Database".
Missing access control in AnyMailing Joomla Plugin allows listing and accessing files containing sensitive information from the plugin itself, and accessing system files via path traversal, when front-office campaign creation is enabled. This issue affects AnyMailing Joomla Plugin in versions below 8.3.0.
CVE-2023-23681
via "National Vulnerability Database".
Authenticated (contributor or higher) Stored Cross-Site Scripting (XSS) vulnerability in the Labib Ahmed Image Hover Effects For WPBakery Page Builder plugin, versions <= 4.0.
CVE-2023-25040
via "National Vulnerability Database".
Authenticated (contributor or higher) Stored Cross-Site Scripting (XSS) vulnerability in the Vova Anokhin WordPress Shortcodes Plugin - Shortcodes Ultimate plugin, versions <= 5.12.6.
CVE-2023-24399
via "National Vulnerability Database".
Authenticated (contributor or higher) Stored Cross-Site Scripting (XSS) vulnerability in the OceanWP Ocean Extra plugin, versions <= 2.1.2.
Stop Blaming the End User for Security Risk
via "Dark Reading".
Don't count on securing end users for system security. Instead, focus on better securing the systems: make them closed by default and build with a security-first approach.
S3 Ep128: So you want to be a cybercriminal? [Audio + Text]
via "Naked Security".
Latest episode - listen now!