βΌ CVE-2023-30331 βΌ
π Read
via "National Vulnerability Database".
An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection (SSTI) via a crafted payload.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30077 βΌ
π Read
via "National Vulnerability Database".
Judging Management System v1.0 by oretnom23 was discovered to vulnerable to SQL injection via /php-jms/review_result.php?mainevent_id=, mainevent_id.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27075 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting vulnerability (XSS) in the component microbin/src/pasta.rs of Microbin v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.π Read
via "National Vulnerability Database".
π₯1
βΌ CVE-2023-27568 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability inSpryker Commerce OS 0.9 that allows for access to sensitive data via customer/order?orderSearchForm[searchText]=π Read
via "National Vulnerability Database".
π1π₯1
βΌ CVE-2022-47757 βΌ
π Read
via "National Vulnerability Database".
In imo.im 2022.11.1051, a path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application's data directory. This may allow an attacker to save a shared library under a special directory which the app uses to dynamically load modules. Loading the library can lead to arbitrary code execution.π Read
via "National Vulnerability Database".
π₯2
βΌ CVE-2023-26125 βΌ
π Read
via "National Vulnerability Database".
Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning.**Note:** Although this issue does not pose a significant threat on its own it can serve as an input vector for other more impactful vulnerabilities. However, successful exploitation may depend on the server configuration and whether the header is used in the application logic.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22651 βΌ
π Read
via "National Vulnerability Database".
Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster.The issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25934 βΌ
π Read
via "National Vulnerability Database".
DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request.π Read
via "National Vulnerability Database".
π’ As Google launches passwordless authentication for all, what are the business benefits of passkeys? π’
π Read
via "ITPro".
Google follows Apple in its latest shift to passwordless authentication, but what are the benefits? π Read
via "ITPro".
ITPro
As Google launches passwordless authentication for all, what are the business benefits of passkeys?
Google follows Apple in its latest shift to passwordless authentication, but what are the benefits?
β Tracked by hidden tags? Apple and Google unite to propose safety and security standardsβ¦ β
π Read
via "Naked Security".
To bleat, or not to bleat, that is the question.π Read
via "Naked Security".
Naked Security
Tracked by hidden tags? Apple and Google unite to propose safety and security standardsβ¦
To bleat, or not to bleat, that is the question.
βΌ CVE-2017-20184 βΌ
π Read
via "National Vulnerability Database".
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Carlo Gavazzi Powersoft up to version 2.1.1.1 allows an unauthenticated, remote attacker to download any file from the affected device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4259 βΌ
π Read
via "National Vulnerability Database".
Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.π Read
via "National Vulnerability Database".
π΄ Microsoft Patches Serious Azure Cloud Security Flaws π΄
π Read
via "Dark Reading".
Three vulnerabilities in the platform's API Management Service could allow access sensitive data, mount further attacks, and even hijack developer portals.π Read
via "Dark Reading".
Dark Reading
Microsoft Patches Serious Azure Cloud Security Flaws
Three vulnerabilities in the platform's API Management Service could allow access sensitive data, mount further attacks, and even hijack developer portals.
π΄ New Generative AI Tools Aim to Improve Security π΄
π Read
via "Dark Reading".
The debate over whether ChatGPT and other generative AI tools will benefit defenders or further embolden attackers may be ongoing, but companies are going forward with new tools.π Read
via "Dark Reading".
Dark Reading
New Generative AI Tools Aim to Improve Security
The debate over whether ChatGPT and other generative AI tools will benefit defenders or further embolden attackers may be ongoing, but companies are going forward with new tools.
β World Password Day: 2 + 2 = 4 β
π Read
via "Naked Security".
We've kept it short and simple, with no sermons, no judgmentalism, no tubthumping... and no BUY NOW buttons. Have a nice day!π Read
via "Naked Security".
Naked Security
World Password Day: 2 + 2 = 4
Weβve kept it short and simple, with no sermons, no judgmentalism, no tubthumpingβ¦ and no BUY NOW buttons. Have a nice day!
π΄ Famine to Feast and Back: Startups Adjust to Economic Realities π΄
π Read
via "Dark Reading".
Cybersecurity is a hotbed of startup activity, and with good reason. Startups typically look for an IPO or acquisition, but right now IPOs are off the table.π Read
via "Dark Reading".
Dark Reading
Famine to Feast and Back: Startups Adjust to Economic Realities
Cybersecurity is a hotbed of startup activity, and with good reason. Startups typically look for an IPO or acquisition, but right now IPOs are off the table.
βΌ CVE-2023-26016 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tauhidul Alam Simple Portfolio Gallery plugin <=Γ 0.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25962 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari Accordion Γ’β¬β Multiple Accordion or FAQs Builder plugin <=Γ 2.3.0 versions.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-45818 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WP OnlineSupport, Essential Plugin Hero Banner Ultimate plugin <=Γ 1.3.4 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23470 βΌ
π Read
via "National Vulnerability Database".
IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. By using a specially crafted SQL operation, the administrator could exploit the vulnerability to perform additional administrator operations. IBM X-Force ID: 244510.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24958 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52.200.111, 8.52.102.13, and 8.53.0.63 could allow an authenticated user to submit a specially crafted URL leading to privilege escalation and remote code execution. IBM X-Force ID: 246320.π Read
via "National Vulnerability Database".