‼ CVE-2023-33254 ‼
via "National Vulnerability Database".
There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication settings to specify an attacker-controlled LDAP server, clicks the Test Settings button, and captures the cleartext credentials.
‼ CVE-2022-0010 ‼
via "National Vulnerability Database".
Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. This issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0.
‼ CVE-2023-22714 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming Soon by Supsystic plugin <= 1.7.10 versions.
‼ CVE-2023-33297 ‼
via "National Vulnerability Database".
Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.
‼ CVE-2023-33235 ‼
via "National Vulnerability Database".
MXsecurity version 1.0 is vulnerable to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code.
‼ CVE-2023-22709 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Atif N SRS Simple Hits Counter plugin <= 1.1.0 versions.
‼ CVE-2023-23813 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.4.3 versions.
‼ CVE-2023-23712 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in User Meta Manager plugin <= 3.4.9 versions.
‼ CVE-2023-22688 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Abdul Ibad WP Tabs Slides plugin <= 2.0.3 versions.
‼ CVE-2023-22692 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name Directory plugin <= 1.27.1 versions.
‼ CVE-2022-47142 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin <= 2.8.1 versions.
‼ CVE-2022-47609 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Nicearma DNUI plugin <= 2.8.1 versions.
‼ CVE-2023-23680 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Bob Goetz WP-TopBar plugin <= 5.36 versions.
‼ CVE-2023-33236 ‼
via "National Vulnerability Database".
MXsecurity version 1.0 is vulnerable to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs.
📢 Meta to fight ‘unjustified’ record $1.3 billion GDPR fine 📢
via "ITPro".
The company has been ordered to cease EU-US data transfers
‼ CVE-2022-45376 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in XootiX Side Cart Woocommerce (Ajax) < 2.1 versions.
‼ CVE-2022-45079 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions.
‼ CVE-2023-28709 ‼
via "National Vulnerability Database".
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.
‼ CVE-2022-47611 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m Hover Image plugin <= 1.4.1 versions.
‼ CVE-2022-41608 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum plugin <= 2.2.0 versions.
‼ CVE-2022-47167 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Aram Kocharyan Crayon Syntax Highlighter plugin <= 2.8.4 versions.