CVE-2023-28408
via "National Vulnerability Database".
Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain sensitive information depending on settings.
CVE-2023-27387
via "National Vulnerability Database".
Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to conduct an arbitrary operation by having a logged-in user view a malicious page. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).
CVE-2023-22654
via "National Vulnerability Database".
Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).
CVE-2023-28413
via "National Vulnerability Database".
Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition.
CVE-2023-31740
via "National Vulnerability Database".
There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WL_atten_bb, WL_atten_radio, and WL_atten_ctl in the apply.cgi interface, thereby gaining shell privileges.
CVE-2023-28394
via "National Vulnerability Database".
Beekeeper Studio versions prior to 3.9.9 allow a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well.
CVE-2023-25440
via "National Vulnerability Database".
Stored Cross Site Scripting (XSS) vulnerability in the add contact function of CiviCRM 5.59.alpha1 allows attackers to execute arbitrary code in the first/second name field.
CVE-2023-27923
via "National Vulnerability Database".
Cross-site scripting vulnerability in Tag edit function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script.
CVE-2023-27514
via "National Vulnerability Database".
OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command.
CVE-2023-26595
via "National Vulnerability Database".
Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition.
PyPI attack: Targeting of repository 'shows no sign of stopping'
via "ITPro".
Greater collaboration and understanding of attackers’ tactics is key to mitigating open source security threats
Phone scamming kingpin gets 13 years for running ‘iSpoof’ service
via "Naked Security".
Site marketing video promised total anonymity, but that was a lie. 170 arrested already. Potentially 1000s more to follow.
Enterprises Must Prepare Now for Shorter TLS Certificate Lifespans
via "Dark Reading".
Shorter certificate lifespans are beneficial, but they require a rethink of how to properly manage them.
CVE-2023-2483
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-33203. Reason: This candidate is a reservation duplicate of CVE-2023-33203. Notes: All CVE users should reference CVE-2023-33203 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2023-33338
via "National Vulnerability Database".
Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter.
CVE-2023-31669
via "National Vulnerability Database".
WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote (").
CVE-2023-23724
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Winwar Media WP Email Capture plugin <= 3.9.3 versions.
CVE-2023-23706
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions.
CVE-2023-25707
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.12 versions.
CVE-2023-25472
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.3 versions.
CVE-2023-25481
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions.