🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.
‼ CVE-2023-0420 ‼

The Custom Post Type and Taxonomy GUI Manager WordPress plugin through 1.1 does not have CSRF protection and lacks sanitisation and escaping of some parameters, allowing attackers to make a logged-in admin store Cross-Site Scripting payloads via CSRF.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-1126 ‼

The WP FEvents Book WordPress plugin through 0.46 does not sanitise and escape some parameters, which could allow any authenticated user, such as a subscriber, to perform Cross-Site Scripting attacks.

📖 Read

via "National Vulnerability Database".
‼ CVE-2012-10013 ‼

A vulnerability was found in Kau-Boy Backend Localization Plugin up to 1.6.1 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the file backend_localization.php. The manipulation leads to cross-site scripting. The attack may be initiated remotely. Upgrading to version 2.0 is able to address this issue. The name of the patch is 43dc96defd7944da12ff116476a6890acd7dd24b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227231.

📖 Read

via "National Vulnerability Database".
‼ CVE-2012-10014 ‼

A vulnerability classified as problematic has been found in Kau-Boy Backend Localization Plugin 2.0 on WordPress. Affected is the function backend_localization_admin_settings/backend_localization_save_setting/backend_localization_login_form/localize_backend of the file backend_localization.php. The manipulation leads to cross-site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is 36f457ee16dd114e510fd91a3ea9fbb3c1f87184. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227232.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-0388 ‼

The Random Text WordPress plugin through 0.3.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers.

📖 Read

via "National Vulnerability Database".
🕴 Google Workspace Extends Enterprise-Grade Security and Device Management for Hybrid Work With Okta and VMware 🕴

JumpCloud integrates with Google Workspace to extend enterprise-quality security capabilities to small and midsize organizations.

📖 Read

via "Dark Reading".
‼ CVE-2023-2250 ‼

A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes that host the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this to bind cluster-admin to any service account, or use the service account to list all secrets in all Kubernetes namespaces, leading to a cluster-level privilege escalation.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-30626 ‼

Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 have a directory traversal vulnerability inside the `ClientLogController`, specifically `/ClientLog/Document`. When combined with a cross-site scripting vulnerability (CVE-2023-30627), this can result in file write and arbitrary code execution. Version 10.8.10 has a patch for this issue. There are no known workarounds.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-28484 ‼

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-2259 ‼

Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-30627 ‼

jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to version 10.8.10, a stored cross-site scripting vulnerability in device.js can be used to make arbitrary calls to the `REST` endpoints with admin privileges. When combined with CVE-2023-30626, this results in remote code execution on the Jellyfin instance in the context of the user who is running it. This issue is patched in version 10.8.10. There are no known workarounds.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-2006 ‼

A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-29469 ‼

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-2258 ‼

Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-28354 ‼

In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time period.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-2260 ‼

Improper Authorization of Index Containing Sensitive Information in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-29530 ‼

Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros can cause an invalid message by providing a newline at the start or end of a header key or value. This can lead to denial-of-service vectors or application errors. The problem has been patched in the following versions: 2.18.1, 2.19.1, 2.20.1, 2.21.1, 2.22.1, 2.23.1, 2.24.1, and 2.25.1. As a workaround, validate HTTP header keys and/or values, and if using user-supplied values, filter them to strip leading or trailing newline characters before calling `withHeader()`.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-2019 ‼

A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system.

📖 Read

via "National Vulnerability Database".
🕴 Millions of Artifacts, Misconfigured Enterprise Software Registries Are Ripe for Pwning 🕴

Researchers find 250 million artifacts and 65,000 container images exposed in registries and repositories scattered across the Internet.

📖 Read

via "Dark Reading".
🕴 Tangled Up: 'Tomiris' APT Uses Turla Malware, Confusing Researchers 🕴

Researchers are unraveling the threads connecting two separate, but in some ways overlapping, Russian-language APTs.

📖 Read

via "Dark Reading".
‼ CVE-2023-30414 ‼

Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component vm_loop at /jerry-core/vm/vm.c.

📖 Read

via "National Vulnerability Database".