πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Satori Unveils Universal Data Permissions Scanner, A Free Open-Source Tool that Sheds Light on Data Access Authorization πŸ•΄

Addressing data access blindspots commonly faced by enterprises, data security leader launches the first open-source authorization analysis tool to provide universal visibility into data access permissions across multiple data stores.

πŸ“– Read

via "Dark Reading".
Dark Reading
Satori Unveils Universal Data Permissions Scanner, a Free Open Source Tool that Sheds Light on Data Access Authorization
Addressing data access blindspots commonly faced by enterprises, data security leader launches the first open-source authorization analysis tool to provide universal visibility into data access permissions across multiple data stores.
399 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ KnowBe4 Launches Password Kit to Celebrate World Password Day πŸ•΄

KnowBe4 is offering a no-cost password kit to help end users practice good password hygiene and strengthen their defenses against social engineering.

πŸ“– Read

via "Dark Reading".
Dark Reading
KnowBe4 Launches Password Kit to Celebrate World Password Day
KnowBe4 is offering a no-cost password kit to help end users practice good password hygiene and strengthen their defenses against social engineering.
460 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-2553 β€Ό

Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to 2.2.0.

πŸ“– Read

via "National Vulnerability Database".
481 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-2551 β€Ό

PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1.

πŸ“– Read

via "National Vulnerability Database".
572 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-2554 β€Ό

External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0.

πŸ“– Read

via "National Vulnerability Database".
651 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-2552 β€Ό

Cross-Site Request Forgery (CSRF) in GitHub repository unilogies/bumsys prior to 2.1.1.

πŸ“– Read

via "National Vulnerability Database".
735 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-2550 β€Ό

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.

πŸ“– Read

via "National Vulnerability Database".
πŸ‘1
858 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-26519 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Benfica Publish to Schedule plugin <=Γ‚ 4.5.4 versions.

πŸ“– Read

via "National Vulnerability Database".
839 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-26517 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff Starr Dashboard Widgets Suite plugin <=Γ‚ 3.2.1 versions.

πŸ“– Read

via "National Vulnerability Database".
1.13K views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-25491 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityΓ‚ in Samuel Marshall JCH Optimize plugin <=Γ‚ 3.2.2 versions.

πŸ“– Read

via "National Vulnerability Database".
πŸ‘1
791 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-24400 β€Ό

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Hu-manity.Co Cookie Notice & Compliance for GDPR / CCPA plugin <=Γ‚ 2.4.6 versions.

πŸ“– Read

via "National Vulnerability Database".
798 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-31047 β€Ό

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.

πŸ“– Read

via "National Vulnerability Database".
830 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-32290 β€Ό

The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server.

πŸ“– Read

via "National Vulnerability Database".
806 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-2564 β€Ό

OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0.

πŸ“– Read

via "National Vulnerability Database".
748 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-2565 β€Ό

A vulnerability has been found in SourceCodester Multi Language Hotel Management Software 1.0 and classified as problematic. This vulnerability affects unknown code of the file ajax.php of the component POST Parameter Handler. The manipulation of the argument complaint_type with the input <script>alert(document.cookie)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228172.

πŸ“– Read

via "National Vulnerability Database".
849 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-30185 β€Ό

CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php.

πŸ“– Read

via "National Vulnerability Database".
πŸ‘1
725 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-30018 β€Ό

Judging Management System v1.0 is vulnerable to SQL Injection. via /php-jms/review_se_result.php?mainevent_id=.

πŸ“– Read

via "National Vulnerability Database".
752 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-30257 β€Ό

A buffer overflow in the component /proc/ftxxxx-debug of FiiO M6 Build Number v1.0.4 allows attackers to escalate privileges to root.

πŸ“– Read

via "National Vulnerability Database".
752 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-29944 β€Ό

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench

πŸ“– Read

via "National Vulnerability Database".
πŸ‘1
707 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-29247 β€Ό

Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0.

πŸ“– Read

via "National Vulnerability Database".
630 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ North Korean APT Uses Malicious Microsoft OneDrive Links to Spread New Malware πŸ•΄

ReconShark, aimed at gaining initial access to targeted systems, is a component of previous malware used by the Kimsuky group.

πŸ“– Read

via "Dark Reading".
Dark Reading
North Korean APT Uses Malicious Microsoft OneDrive Links to Spread New Malware
ReconShark, aimed at gaining initial access to targeted systems, is a component of previous malware used by the Kimsuky group.
πŸ‘1
595 views