βΌ CVE-2023-0180 βΌ
π Read
via "National Vulnerability Database".
NVIDIA GPU Display Driver for Linux contains a vulnerability in a kernel mode layer handler, which may lead to denial of service or information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26822 βΌ
π Read
via "National Vulnerability Database".
D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at soapcgi.main.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27025 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1793 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Police Crime Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /officer/assigncase.php of the component GET Parameter Handler. The manipulation of the argument caseid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224745 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1796 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in SourceCodester Employee Payslip Generator 1.0. Affected is an unknown function of the file /classes/Master.php?f=save_position of the component Create News Handler. The manipulation of the argument name with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224748.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1791 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Simple Task Allocation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224743.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1795 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/products/index.php of the component GET Parameter Handler. The manipulation of the argument view with the input <script>alert(666)</script> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224747.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1792 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Simple Mobile Comparison Website 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/fields/manage_field.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224744.π Read
via "National Vulnerability Database".
π₯1
βΌ CVE-2023-1794 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Police Crime Record Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/casedetails.php of the component GET Parameter Handler. The manipulation of the argument id with the input "><script>alert(233)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224746 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
π1π₯1
βΌ CVE-2023-26119 βΌ
π Read
via "National Vulnerability Database".
Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attackerΓ’β¬β’s webpage.π Read
via "National Vulnerability Database".
π΄ 4 Steps for Shifting Left & Winning the Cybersecurity Battle π΄
π Read
via "Dark Reading".
If companies prioritize communications and make the DevOps process more transparent, team members will better know what vulnerabilities to look for.π Read
via "Dark Reading".
Dark Reading
4 Steps for Shifting Left & Winning the Cybersecurity Battle
If companies prioritize communications and make the DevOps process more transparent, team members will better know what vulnerabilities to look for.
βΌ CVE-2023-26529 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DupeOff.Com DupeOff plugin <= 1.6 versions.π Read
via "National Vulnerability Database".
π΄ Name That Edge Toon: Tower of Babble π΄
π Read
via "Dark Reading".
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.π Read
via "Dark Reading".
Dark Reading
Name That Edge Toon: Tower of Babble
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
π΄ How Good Is Your Advanced Threat Management? π΄
π Read
via "Dark Reading".
Whether protecting a financial institution or a hospital, everyone needs an effective strategy for fending off slippery threats like those that hide in memory.π Read
via "Dark Reading".
Dark Reading
How Good Is Your Advanced Threat Management?
Whether protecting a financial institution or a hospital, everyone needs an effective strategy for fending off slippery threats like those that hide in memory.
βΌ CVE-2022-38922 βΌ
π Read
via "National Vulnerability Database".
BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27665 βΌ
π Read
via "National Vulnerability Database".
Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28625 βΌ
π Read
via "National Vulnerability Database".
mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1766 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Akbim Computer Panon allows Reflected XSS.This issue affects Panon: before 1.0.2.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1377 βΌ
π Read
via "National Vulnerability Database".
The Solidres WordPress plugin through 0.9.4 does not sanitise and escape numerous parameter before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as adminπ Read
via "National Vulnerability Database".
βΌ CVE-2023-1765 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akbim Computer Panon allows SQL Injection.This issue affects Panon: before 1.0.2.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0399 βΌ
π Read
via "National Vulnerability Database".
The Image Over Image For WPBakery Page Builder WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π Read
via "National Vulnerability Database".