CVE-2022-47876
via "National Vulnerability Database".
The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts.
Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data
via "Krebs on Security".
A sprawling online company based in Georgia that has made tens of millions of dollars purporting to sell access to jobs at the United States Postal Service (USPS) has exposed its internal IT operations and database of nearly 900,000 customers. The leaked records indicate the network's chief technology officer in Pakistan has been hacked for the past year, and that the entire operation was created by the principals of a Tennessee-based telemarketing firm that has promoted USPS employment websites since 2016.
CVE-2023-2466
via "National Vulnerability Database".
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)
CVE-2023-2463
via "National Vulnerability Database".
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-2459
via "National Vulnerability Database".
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-29839
via "National Vulnerability Database".
A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function.
CVE-2023-2467
via "National Vulnerability Database".
Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low)
CVE-2023-2464
via "National Vulnerability Database".
Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-2460
via "National Vulnerability Database".
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-2462
via "National Vulnerability Database".
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-2468
via "National Vulnerability Database".
Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)
CVE-2023-2461
via "National Vulnerability Database".
Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)
CVE-2023-2465
via "National Vulnerability Database".
Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Bolstering cyber security with the right channel partnerships
via "ITPro".
Organizations must draw on the expertise of their channel partners to support in-house security operations
WatchGuard Firebox T85-PoE review: Big security in small spaces
via "ITPro".
A table-top appliance offering tough security measures for SMBs and remote offices at a great price
CVE-2023-23790
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin <= 2.9.10.2 versions.
CVE-2023-25786
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Thom Stark Eyes Only: User Access Shortcode plugin <= 1.8.2 versions.
CVE-2023-25787
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wbolt team WP?????? plugin <= 1.3.9 versions.
CVE-2022-30995
via "National Vulnerability Database".
Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.
CVE-2023-25789
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tapfiliate plugin <= 3.0.12 versions.
CVE-2022-3405
via "National Vulnerability Database".
Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.