🛡 Cybersecurity & Privacy 🛡 - News
25.9K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-30018 ‼

Judging Management System v1.0 is vulnerable to SQL injection via the mainevent_id parameter of /php-jms/review_se_result.php.

via "National Vulnerability Database".
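An added illustration of the bug class in this entry, written in Python and not taken from the Judging Management System: an integer request parameter, named mainevent_id after the advisory, concatenated into a query, beside the validated and parameterised form. The table, rows and the two hypothetical payloads are constructed for the demo.

```python
import sqlite3


def make_db():
    """Constructed sample data: results for two separate events (7 and 8)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE se_result (id INTEGER, mainevent_id INTEGER, "
        "contestant TEXT, score INTEGER)"
    )
    conn.executemany(
        "INSERT INTO se_result VALUES (?, ?, ?, ?)",
        [(1, 7, "alice", 90), (2, 7, "bob", 85), (3, 8, "carol", 99)],
    )
    return conn


def review_results_vulnerable(conn, mainevent_id):
    """The advisory's pattern: the raw request value becomes part of the SQL
    text, so the caller controls the WHERE clause and can append a UNION."""
    sql = "SELECT contestant, score FROM se_result WHERE mainevent_id = " + mainevent_id
    return conn.execute(sql).fetchall()


def review_results_fixed(conn, mainevent_id):
    """Hardened form: type-check the value, then bind it as a parameter so it
    can only ever be data, never SQL grammar."""
    if not mainevent_id.isdigit():
        raise ValueError("mainevent_id must be a non-negative integer")
    sql = "SELECT contestant, score FROM se_result WHERE mainevent_id = ?"
    return conn.execute(sql, (int(mainevent_id),)).fetchall()


def demo():
    conn = make_db()
    # Two hypothetical ?mainevent_id= values an attacker might send.
    widen = "7 OR 1=1"                                    # returns every row
    dump = "0 UNION SELECT name, sql FROM sqlite_master"  # leaks the schema
    leaked = review_results_vulnerable(conn, widen)
    schema = review_results_vulnerable(conn, dump)
    try:
        review_results_fixed(conn, widen)
        blocked = False
    except ValueError:
        blocked = True
    return {
        "rows_for_event_7": len(review_results_fixed(conn, "7")),
        "rows_leaked_by_widen": len(leaked),
        "table_leaked_by_union": schema[0][0],
        "fixed_rejects_payload": blocked,
    }


if __name__ == "__main__":
    print(demo())
```

The type check alone would stop both payloads here, but the parameter binding is what matters once the field is a string (an event name, a search term) where no such check is possible.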
‼ CVE-2023-30257 ‼

A buffer overflow in the component /proc/ftxxxx-debug of FiiO M6 Build Number v1.0.4 allows attackers to escalate privileges to root.

via "National Vulnerability Database".
‼ CVE-2023-29944 ‼

Metersphere v1.20.20-lts-79d354a6 is vulnerable to remote command execution: a system command such as a reverse shell can be executed through the custom code snippet function of the Metersphere system workbench.

via "National Vulnerability Database".
๐Ÿ‘1
‼ CVE-2023-29247 ‼

The task instance details page in the UI is vulnerable to stored XSS. This issue affects Apache Airflow before 2.6.0.

via "National Vulnerability Database".
🕴 North Korean APT Uses Malicious Microsoft OneDrive Links to Spread New Malware 🕴

ReconShark, aimed at gaining initial access to targeted systems, is a component of previous malware used by the Kimsuky group.

via "Dark Reading".
๐Ÿ‘1
🕴 Why the FTX Collapse Was an Identity Problem 🕴

Cryptocurrency has a valuable role to play in a Web3 world, but only if the public can fully trust it.

via "Dark Reading".
‼ CVE-2023-25052 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa Yandex.News Feed by Teplitsa plugin <= 1.12.5 versions.

via "National Vulnerability Database".
‼ CVE-2023-2575 ‼

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a stack-based buffer overflow vulnerability, which can be triggered by authenticated users via a crafted POST request.

via "National Vulnerability Database".
‼ CVE-2023-25452 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Pretty (prettyboymp) CMS Press plugin <= 0.2.3 versions.

via "National Vulnerability Database".
‼ CVE-2023-2574 ‼

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request.

via "National Vulnerability Database".
‼ CVE-2023-25754 ‼

Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow before 2.6.0.

via "National Vulnerability Database".
‼ CVE-2022-45812 ‼

Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Lees Exxp plugin <= 2.6.8 versions.

via "National Vulnerability Database".
‼ CVE-2023-2573 ‼

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request.

via "National Vulnerability Database".
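An added illustration of the command-injection class in this entry and in the preceding Advantech entry (CVE-2023-2574, the device-name field), written in Python and not taken from the devices' firmware: a configuration field concatenated into a shell command, beside an allowlisted value passed as a separate argv element with no shell in the path. echo stands in for whatever command the firmware actually runs; the field value, the hostname regex and the payload are assumptions for the demo.

```python
import re
import subprocess

# Allowlist for a hostname or IPv4 literal: dot-separated labels of letters,
# digits and hyphens, nothing a shell treats specially (assumed policy).
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def vulnerable_apply_ntp(ntp_server):
    """The weak pattern: the field is concatenated into a command string and
    handed to a shell, so ';', '|', '`' or '$(...)' in it start a second command.
    echo stands in for the real NTP configuration command (assumption)."""
    cmd = "echo ntp server: " + ntp_server
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def validate_host(value):
    """Allowlist check: True only for a plain hostname or IPv4 literal."""
    return _HOST_RE.match(value) is not None


def safe_apply_ntp(ntp_server):
    """Hardened form: allowlist the value, then pass it as its own argv element
    with shell=False so the value is never parsed by a shell."""
    if not validate_host(ntp_server):
        raise ValueError("rejected NTP server value")
    argv = ["echo", "ntp server:", ntp_server]
    return subprocess.run(argv, shell=False, capture_output=True, text=True).stdout


def demo():
    payload = "pool.ntp.org; echo INJECTED"   # hypothetical POST field value
    injected = "INJECTED" in vulnerable_apply_ntp(payload)
    try:
        safe_apply_ntp(payload)
        blocked = False
    except ValueError:
        blocked = True
    return {
        "vulnerable_ran_injected_command": injected,
        "hardened_rejected_payload": blocked,
        "hardened_legit_output": safe_apply_ntp("pool.ntp.org").strip(),
    }


if __name__ == "__main__":
    print(demo())
```

A device-name field may legitimately need characters the hostname allowlist forbids; the allowlist then changes, but the argv-not-shell rule is what removes the injection in both fields, because a separate argv element is delivered to the program verbatim whatever it contains.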
‼ CVE-2022-46799 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form plugin <= 1.0.15 versions.

via "National Vulnerability Database".
‼ CVE-2023-28169 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CoreFortress Easy Event calendar plugin <= 1.0 versions.

via "National Vulnerability Database".
‼ CVE-2023-23668 ‼

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in GiveWP plugin <= 2.25.1 versions.

via "National Vulnerability Database".
‼ CVE-2023-25021 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in FareHarbor FareHarbor for WordPress plugin <= 3.6.6 versions.

via "National Vulnerability Database".
‼ CVE-2023-1651 ‼

The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF checks in the AJAX action responsible for updating the OpenAI settings, allowing any authenticated user, such as a subscriber, to update them. Furthermore, because the settings are not escaped, this could also lead to stored XSS.

via "National Vulnerability Database".
‼ CVE-2023-0537 ‼

The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform stored cross-site scripting attacks.

via "National Vulnerability Database".
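An added model of the defects described in this entry and in the AI ChatBot entry above (CVE-2023-1651), written in Python rather than taken from either plugin: a settings-update handler with no capability check and no CSRF nonce check, an output sink that does not escape the stored value, and a shortcode attribute echoed into markup, each beside its hardened form. The roles, the nonce construction (an HMAC over user id and action, standing in for WordPress nonces), the setting name and the payload are assumptions for the demo.

```python
import hashlib
import hmac
import html
from dataclasses import dataclass, field

# Constructed server-side secret; a real install keeps this out of source.
SECRET = b"demo-only-secret"
ACTION = "update_openai_settings"


@dataclass
class Request:
    user_id: int
    role: str        # "subscriber", "contributor" or "administrator"
    nonce: str
    params: dict


@dataclass
class Store:
    settings: dict = field(default_factory=dict)


def make_nonce(user_id, action):
    """Per-user, per-action CSRF token (an HMAC, standing in for wp_create_nonce)."""
    msg = f"{user_id}:{action}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:16]


def vulnerable_update_settings(req, store):
    """First advisory's defect: no capability check and no nonce check, so any
    logged-in user (or a page they were lured to) can change the settings."""
    store.settings["openai_prompt"] = req.params["openai_prompt"]


def hardened_update_settings(req, store):
    """Authorisation first, then CSRF, then the write."""
    if req.role != "administrator":
        raise PermissionError("manage_options capability required")
    expected = make_nonce(req.user_id, ACTION)
    if not hmac.compare_digest(req.nonce, expected):
        raise PermissionError("invalid nonce")
    store.settings["openai_prompt"] = req.params["openai_prompt"]


def render_settings(store, escape=True):
    """Output sink for the stored value; escape=False reproduces the stored
    XSS (the value lands unescaped inside an attribute)."""
    value = store.settings.get("openai_prompt", "")
    if escape:
        value = html.escape(value, quote=True)
    return f'<input name="openai_prompt" value="{value}">'


def render_shortcode(attrs, escape=True):
    """Second advisory's sink: a contributor-controlled shortcode attribute
    echoed into the page. Same fix: escape for the attribute context."""
    title = attrs.get("title", "")
    if escape:
        title = html.escape(title, quote=True)
    return f'<div class="slider" data-title="{title}"></div>'


def demo():
    payload = '" onfocus="alert(1)" autofocus="'   # breaks out of the attribute
    weak, strong = Store(), Store()
    subscriber = Request(5, "subscriber", "", {"openai_prompt": payload})
    vulnerable_update_settings(subscriber, weak)
    try:
        hardened_update_settings(subscriber, strong)
        subscriber_blocked = False
    except PermissionError:
        subscriber_blocked = True
    admin = Request(1, "administrator", make_nonce(1, ACTION), {"openai_prompt": payload})
    hardened_update_settings(admin, strong)
    return {
        "subscriber_blocked": subscriber_blocked,
        "vulnerable_html": render_settings(weak, escape=False),
        "hardened_html": render_settings(strong),
        "shortcode_html": render_shortcode({"title": payload}),
    }


if __name__ == "__main__":
    print(demo())
```

The order in the hardened handler matters: the capability check comes before the nonce check so that a forged request from a low-privileged account fails closed even if the nonce were somehow obtained, and escaping happens at output, in the context where the value is emitted, not at storage time.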
‼ CVE-2023-22790 ‼

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.

via "National Vulnerability Database".
‼ CVE-2023-22781 ‼

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

via "National Vulnerability Database".