CVE-2023-1712
Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30.
via "National Vulnerability Database".
CVE-2023-28935
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache UIMA DUCC. When using the "Distributed UIMA Cluster Computing" (DUCC) module of Apache UIMA, an authenticated user that has the permissions to modify core entities can cause command execution as the system user that runs the web process. As the "Distributed UIMA Cluster Computing" module for UIMA is retired, we do not plan to release a fix for this issue. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
via "National Vulnerability Database".
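The bug class above, an authenticated user's field value reaching a shell, is easiest to see with the vulnerable pattern next to the hardened one. The following is an added example, not Apache UIMA DUCC code: the "log directory" field, the handler names and the payload are constructed here, and `echo` stands in for whatever maintenance tool a real service would run.

```python
"""Command injection: a user-controlled value reaching a shell, beside the
hardened handling.  Added illustration, not Apache UIMA DUCC code; the
handler, the 'log directory' field and the payload are constructed."""
from __future__ import annotations

import re
import subprocess


def archive_logs_vulnerable(log_dir: str) -> str:
    """Splices the value into a command line that /bin/sh parses, so ';',
    '&&', '|', '$(...)' and backticks in the value start new commands."""
    result = subprocess.run(
        f"echo archiving {log_dir}",   # 'echo' stands in for the real tool
        shell=True, capture_output=True, text=True, check=False,
    )
    return result.stdout.strip()


def archive_logs_argv_only(log_dir: str) -> str:
    """Passes an argv list with shell=False.  No shell parses the value, so
    metacharacters arrive as literal text; but a value beginning with '-'
    could still be read as an option by the invoked program."""
    result = subprocess.run(
        ["echo", "archiving", log_dir],
        capture_output=True, text=True, check=False,
    )
    return result.stdout.strip()


# Allowlist for the field: the characters a directory name legitimately
# needs, and never a leading '-' so the value cannot look like an option.
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def fixed_accepts(log_dir: str) -> bool:
    """True when the hardened handler would run the command for this value."""
    return _SAFE_NAME.fullmatch(log_dir) is not None


def archive_logs_fixed(log_dir: str) -> str:
    """Validate first, then invoke without a shell."""
    if not fixed_accepts(log_dir):
        raise ValueError(f"rejected log directory name: {log_dir!r}")
    result = subprocess.run(
        ["echo", "archiving", log_dir],
        capture_output=True, text=True, check=True,
    )
    return result.stdout.strip()


if __name__ == "__main__":
    payload = "jobs; echo INJECTED"                   # constructed attacker input
    print(repr(archive_logs_vulnerable(payload)))     # the second command ran
    print(repr(archive_logs_argv_only(payload)))      # literal text, one command
    print(fixed_accepts(payload), fixed_accepts("jobs-2023"))
```

The argv-only variant already stops shell metacharacters; the allowlist is what stops argument injection (a value such as `-rf` or `--checkpoint-action=...` being read as an option by the real tool), which is why both steps are kept in the fixed handler.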
CVE-2023-1699
Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187.
via "National Vulnerability Database".
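Forced browsing works whenever a page is protected by not being linked rather than by an authorization check on every request. The following added example (not Rapid7 Nexpose code; the routes, roles and helper names are constructed) shows a deny-by-default policy applied to the canonical form of the request path, beside a constructed literal-prefix check that URL manipulation bypasses.

```python
"""Forced browsing: authorize every request on the canonical path, deny by
default.  Added illustration, not Rapid7 Nexpose code; the routes, roles and
helper names are constructed for the example."""
from __future__ import annotations

import posixpath
from typing import Optional
from urllib.parse import unquote

# Most specific entries first.  A request is allowed only when it matches an
# entry and the caller holds one of that entry's roles; no match means deny.
ROUTE_POLICY = [
    (("api", "admin"), {"admin"}),
    (("admin",),       {"admin"}),
    (("reports",),     {"admin", "analyst"}),
    ((),               {"admin", "analyst", "user"}),   # everything else
]


def canonical_segments(raw_path: str) -> Optional[tuple[str, ...]]:
    """Reduce a request path to the segments the router dispatches on.
    Returns None for paths that should be rejected outright."""
    path = unquote(raw_path)
    # Double encoding (%252F) survives one decode as '%2F'; backslashes are
    # separators on some stacks; control characters never belong in a path.
    if "%" in path or "\\" in path or any(ord(c) < 0x20 for c in path):
        return None
    path = posixpath.normpath("/" + path.lstrip("/"))   # folds '.', '..', '//'
    return tuple(seg.lower() for seg in path.split("/") if seg)


def authorize(roles: set[str], raw_path: str) -> bool:
    """Per-request check, independent of which links the UI happens to show."""
    segs = canonical_segments(raw_path)
    if segs is None:
        return False
    for prefix, allowed in ROUTE_POLICY:
        if segs[: len(prefix)] == prefix:
            return bool(roles & allowed)
    return False   # deny by default


def vulnerable_authorize(roles: set[str], raw_path: str) -> bool:
    """Constructed anti-pattern: a literal-prefix check on the raw URL,
    bypassed by case, encoding and dot-segment variants of the same page."""
    if raw_path.startswith("/admin/") and "admin" not in roles:
        return False
    return True


if __name__ == "__main__":
    for variant in ("/admin/users", "/Admin/../admin//users", "/admin%2Fusers"):
        print(variant, authorize({"user"}, variant), vulnerable_authorize({"user"}, variant))
```

The check rejects, rather than normalizes, anything still percent-encoded after one decode: silently folding `%252F` would let the policy and the router disagree about which handler a path reaches, and that disagreement is the attack surface.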
CVE-2023-28733
AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.
via "National Vulnerability Database".
CVE-2023-28731
AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.
via "National Vulnerability Database".
CVE-2023-28732
Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin in versions below 8.3.0.
via "National Vulnerability Database".
CVE-2023-23681
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Labib Ahmed Image Hover Effects For WPBakery Page Builder plugin <= 4.0 versions.
via "National Vulnerability Database".
CVE-2023-25040
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vova Anokhin WordPress Shortcodes Plugin - Shortcodes Ultimate plugin <= 5.12.6 versions.
via "National Vulnerability Database".
CVE-2023-24399
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in OceanWP Ocean Extra plugin <= 2.1.2 versions.
via "National Vulnerability Database".
Stop Blaming the End User for Security Risk
Don't count on securing end users for system security. Instead, focus on better securing the systems: make them closed by default and build with a security-first approach.
via "Dark Reading".
S3 Ep128: So you want to be a cybercriminal? [Audio + Text]
Latest episode - listen now!
via "Naked Security".
CVE-2023-25076
A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP, TLS or DTLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to trigger this vulnerability.
via "National Vulnerability Database".
CVE-2023-1725
Server-Side Request Forgery (SSRF) vulnerability in Infoline Project Management System allows Server Side Request Forgery. This issue affects Project Management System: before 4.09.31.125.
via "National Vulnerability Database".
Socura Launches Managed SASE (MSASE) Service
SASE reduces security & connectivity costs and improves employee experience.
via "Dark Reading".
Supply chain blunder puts 3CX telephone app users at risk
Booby-trapped app, apparently signed and shipped by 3CX itself after its source code repository was broken into.
via "Naked Security".
DataDome Closes $42M in Series C Funding to Advance the Fight Against Bot-Driven Cyberattacks and Fraud
The investment will fund global commercial rollout and R&D efforts to debilitate fraudsters.
via "Dark Reading".
CVE-2023-29059
3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the Electron macOS application.
via "National Vulnerability Database".
CVE-2023-24473
An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.
via "National Vulnerability Database".
Organizations Reassess Cyber Insurance as Self-Insurance Strategies Emerge
Risk reassessment is shaking up the cybersecurity insurance market, leading some organizations to consider their options, including self-insurance.
via "Dark Reading".
CVE-2023-24472
A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability.
via "National Vulnerability Database".
CVE-2022-30350
Avanquest Software RAD PDF (PDFEscape Online) 3.19.2.2 is vulnerable to Information Leak / Disclosure. The PDFEscape Online tool provides users with a "white out" functionality for redacting images, text, and other graphics from a PDF document. However, this mechanism does not remove underlying text or PDF object specification information from the PDF. As a result, for example, redacted text may be copy-pasted by a PDF reader.
via "National Vulnerability Database".
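Why a "white out" leaks is visible in the file itself: the text-showing operator stays in the page's content stream, and a later paint operator only covers it on screen. The following added example (not PDFEscape or RAD PDF code) builds a minimal one-page PDF with a text string and a white rectangle drawn over it, then scans the content streams the way a reader's copy-paste or text extraction would. The builder and the checker are constructed for the example; the checker understands only uncompressed and FlateDecode content streams, which is enough to make the point.

```python
"""Checking whether a 'whited-out' PDF still carries the text underneath.
Added illustration, not PDFEscape/RAD PDF code: the sample document is
built here with one text object and a white rectangle painted over it,
and the checker handles uncompressed and FlateDecode content streams."""
from __future__ import annotations

import re
import zlib


def build_whiteout_pdf(secret: str, keep_text: bool = True, compress: bool = False) -> bytes:
    """Minimal one-page PDF.  keep_text=True mirrors a 'white out' tool that
    paints over the text; keep_text=False is what a real redaction leaves."""
    ops = ""
    if keep_text:
        ops += f"BT /F1 12 Tf 72 700 Td ({secret}) Tj ET\n"   # the text object
    ops += "1 1 1 rg 70 695 260 16 re f\n"                   # white box over it
    content = ops.encode("latin-1")
    filt = ""
    if compress:
        content, filt = zlib.compress(content), " /Filter /FlateDecode"
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
        b"/Contents 4 0 R /Resources << /Font << /F1 5 0 R >> >> >>",
        f"<< /Length {len(content)}{filt} >>\nstream\n".encode() + content + b"\nendstream",
        b"<< /Type /Font /Subtype /Type1 /BaseFont /Helvetica >>",
    ]
    out, offsets = bytearray(b"%PDF-1.4\n"), []
    for num, body in enumerate(objs, 1):
        offsets.append(len(out))
        out += f"{num} 0 obj\n".encode() + body + b"\nendobj\n"
    xref = len(out)
    out += f"xref\n0 {len(objs) + 1}\n0000000000 65535 f \n".encode()
    out += b"".join(f"{off:010d} 00000 n \n".encode() for off in offsets)
    out += f"trailer\n<< /Size {len(objs) + 1} /Root 1 0 R >>\nstartxref\n{xref}\n%%EOF\n".encode()
    return bytes(out)


_STREAM = re.compile(rb"stream\r?\n(.*?)\nendstream", re.S)
# A literal string: no unescaped parentheses inside (nesting not handled here).
_STRING = re.compile(rb"\(((?:[^()\\]|\\.)*)\)")
# Operands of the text-showing operators: '(...) Tj' and '[... ] TJ'.
_SHOW = re.compile(rb"(\((?:[^()\\]|\\.)*\))\s*Tj|(\[(?:[^\]\\]|\\.)*\])\s*TJ")


def text_strings(pdf: bytes) -> list[str]:
    """Every string handed to a text-showing operator, in any content stream."""
    found = []
    for m in _STREAM.finditer(pdf):
        data = m.group(1)
        # The stream dictionary sits between the preceding 'obj' and 'stream'.
        head = pdf[pdf.rfind(b"obj", 0, m.start()):m.start()]
        if b"/FlateDecode" in head:
            data = zlib.decompress(data)
        for show in _SHOW.finditer(data):
            operand = show.group(1) or show.group(2)
            found.append(b"".join(_STRING.findall(operand)).decode("latin-1"))
    return found


def whiteout_leaks(pdf: bytes) -> bool:
    """True when a visual 'redaction' left recoverable text in the file."""
    return bool(text_strings(pdf))


if __name__ == "__main__":
    doc = build_whiteout_pdf("ACCOUNT 4111 1111 1111 1111")   # constructed sample
    print(text_strings(doc), whiteout_leaks(doc))
    print(whiteout_leaks(build_whiteout_pdf("ACCOUNT 4111 1111 1111 1111", keep_text=False)))
```

The same check is a reasonable acceptance test for any redaction workflow: after the tool has run, the text operators for the redacted region must be gone from the content streams (and from any form XObjects, annotations and incremental-update sections the tool may have left behind), not merely painted over.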