βΌ CVE-2023-23799 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Leonardo Giacone Easy Panorama plugin <= 1.1.4 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27620 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-site Scripting (XSS) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.12 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27810 βΌ
π Read
via "National Vulnerability Database".
H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28706 βΌ
π Read
via "National Vulnerability Database".
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 6.0.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27804 βΌ
π Read
via "National Vulnerability Database".
H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29172 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.46 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29170 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product Enquiry for WooCommerce, WooCommerce product catalog plugin <= 2.2.12 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28707 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43914 βΌ
π Read
via "National Vulnerability Database".
IBM TRIRIGA Application Platform 4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 241036.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28789 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27807 βΌ
π Read
via "National Vulnerability Database".
H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the Delstlist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25442 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Marcel Pol Zeno Font Resizer plugin <= 1.7.9 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27806 βΌ
π Read
via "National Vulnerability Database".
H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28781 βΌ
π Read
via "National Vulnerability Database".
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27801 βΌ
π Read
via "National Vulnerability Database".
H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27805 βΌ
π Read
via "National Vulnerability Database".
H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditSTList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.π Read
via "National Vulnerability Database".
βΌ CVE-2022-43928 βΌ
π Read
via "National Vulnerability Database".
The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected. This means sensitive data could be visible in memory over an indefinite amount of time. IBM has addressed this issue by reducing the amount of time the sensitive data is visible in memory. IBM X-Force ID: 241675.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28710 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider.This issue affects Apache Airflow Spark Provider: before 4.0.1.π Read
via "National Vulnerability Database".
π΄ Microsoft, Fortra & Health-ISAC Team Up to Remove Illicit Cobalt Strike Tools π΄
π Read
via "Dark Reading".
The effort aims to disrupt the use of altered Cobalt Strike software by cybercriminals in ransomware and other attacks.π Read
via "Dark Reading".
Dark Reading
Microsoft, Fortra & Health-ISAC Team Up to Remove Illicit Cobalt Strike Tools
The effort aims to disrupt the use of altered Cobalt Strike software by cybercriminals in ransomware and other attacks.
π1
βΌ CVE-2023-1909 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file profile.php of the component User Profile Update Handler. The manipulation of the argument name/mobno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225318 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-23761 βΌ
π Read
via "National Vulnerability Database".
An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gistΓ’β¬β’s URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program.π Read
via "National Vulnerability Database".