🛡 Cybersecurity & Privacy 🛡 - News
25.9K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-26011 ‼

Cross-Site Request Forgery (CSRF) vulnerability in the Tim Eckel Read More Excerpt Link plugin, versions <= 1.6.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-33599 ‼

EasyImages2.0 <= 2.8.1 is vulnerable to Cross Site Scripting (XSS) via viewlog.php.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-46851 ‼

Cross-Site Request Forgery (CSRF) vulnerability in the Brainstorm Force Starter Templates plugin, versions <= 3.1.20.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-33362 ‼

Piwigo 13.6.0 is vulnerable to SQL Injection in the "profile" function.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-23713 ‼

Cross-Site Request Forgery (CSRF) vulnerability in the Manoj Thulasidas Theme Tweaker plugin, versions <= 5.20.

📖 Read

via "National Vulnerability Database".
🕴 A New Look for Risk in Awareness Training 🕴

Changes in the way risk is viewed are leading to changes in the way training is conducted.

📖 Read

via "Dark Reading".
⚠ PyPI open-source code repository deals with manic malware maelstrom ⚠

Controlled outage used to keep malware marauders from gumming up the works. Learn what you can do to help in future...

📖 Read

via "Naked Security".
‼ CVE-2023-25474 ‼

Cross-Site Request Forgery (CSRF) vulnerability in the Csaba Kissi About Me 3000 widget plugin, versions <= 2.2.6.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-1209 ‼

Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts.

📖 Read

via "National Vulnerability Database".
🕴 What Security Professionals Need to Know About Aggregate Cyber Risk 🕴

Widespread cyber incidents will happen, but unlike for natural disasters, specific security controls can help prevent a catastrophe.

📖 Read

via "Dark Reading".
‼ CVE-2023-1837 ‼

Missing Authentication for Critical Function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs. This issue affects HYPR Server versions before 8.0 with Legacy APIs enabled.

📖 Read

via "National Vulnerability Database".
🕴 SuperMailer Abuse Bypasses Email Security for Super-Sized Credential Theft 🕴

Secure email gateways and end users alike are being fooled by a cyberattack campaign that's enjoying skyrocketing volumes against businesses in every industry, globally.

📖 Read

via "Dark Reading".
‼ CVE-2023-31518 ‼

A heap use-after-free in the component CDataFileReader::GetItem of teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via a crafted map file.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-31752 ‼

SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via /employee_gatepass/classes/Login.php.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-23298 ‼

The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device's firmware.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-23300 ‼

The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device's firmware.

📖 Read

via "National Vulnerability Database".
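The two CIQ entries above (CVE-2023-23298 and CVE-2023-23300) describe the same root cause in two forms: an API that trusts caller-supplied sizes, once in the arithmetic that sizes a bitmap allocation and once in the length of a copy into a fixed buffer. The C below is an added illustration written for this page, not Garmin's code; the function names, the `struct cipher_ctx` layout, the 16 MiB cap and the accepted key sizes are all assumptions chosen to make the pattern concrete. It shows the wrapping 32-bit size computation a firmware allocator would hit beside a checked version, and a cipher initializer that validates lengths before copying.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Assumed sanity cap for a wearable: a request larger than this is rejected
 * even if the arithmetic does not overflow. */
#define MAX_BITMAP_BYTES (16u << 20)

/* Vulnerable pattern: width * height * bytes-per-pixel computed in 32 bits.
 * On a 32-bit MCU size_t is also 32 bits, so this is exactly the allocator's
 * arithmetic. 65536 x 65536 x 8bpp wraps to 0: malloc(0) succeeds and every
 * later pixel write lands outside the tiny block. */
uint32_t bitmap_size_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * ((bpp + 7u) / 8u);   /* unsigned wrap, no error */
}

/* Hardened version: reject degenerate inputs, use overflow-checked multiplies
 * (gcc/clang builtins), and cap the result. Returns 0 and fills *out on
 * success, -1 on any rejection. */
int bitmap_size_checked(uint32_t width, uint32_t height, uint32_t bpp, size_t *out)
{
    if (out == NULL || width == 0 || height == 0 || bpp == 0 || bpp > 32)
        return -1;
    size_t bytes_per_px = (bpp + 7u) / 8u;
    size_t total;
    if (__builtin_mul_overflow((size_t)width, (size_t)height, &total))
        return -1;
    if (__builtin_mul_overflow(total, bytes_per_px, &total))
        return -1;
    if (total > MAX_BITMAP_BYTES)
        return -1;
    *out = total;
    return 0;
}

/* Hypothetical cipher context with fixed-size key and IV storage. */
#define KEY_MAX 32
#define IV_LEN  16
struct cipher_ctx {
    uint8_t key[KEY_MAX];
    size_t  key_len;
    uint8_t iv[IV_LEN];
};

/* Vulnerable pattern: key_len comes straight from the caller. Any value above
 * KEY_MAX overwrites key_len, iv and whatever follows the struct. Shown for
 * contrast only; never called with an oversized length here. */
void cipher_init_unchecked(struct cipher_ctx *ctx, const uint8_t *key, size_t key_len)
{
    memcpy(ctx->key, key, key_len);
    ctx->key_len = key_len;
}

/* Hardened version: validate every length against the destination before the
 * first memcpy, and only accept the key sizes the cipher actually supports
 * (AES-128/192/256 assumed). */
int cipher_init_checked(struct cipher_ctx *ctx, const uint8_t *key, size_t key_len,
                        const uint8_t *iv, size_t iv_len)
{
    if (ctx == NULL || key == NULL || iv == NULL)
        return -1;
    if (key_len != 16 && key_len != 24 && key_len != 32)
        return -1;                       /* also implies key_len <= KEY_MAX */
    if (iv_len != sizeof ctx->iv)
        return -1;
    memset(ctx, 0, sizeof *ctx);
    memcpy(ctx->key, key, key_len);
    memcpy(ctx->iv, iv, iv_len);
    ctx->key_len = key_len;
    return 0;
}

int main(void)
{
    size_t n = 0;
    printf("unchecked 65536x65536x8 -> %u bytes\n",
           (unsigned)bitmap_size_unchecked(65536u, 65536u, 8u));
    printf("checked   65536x65536x8 -> rc=%d\n",
           bitmap_size_checked(65536u, 65536u, 8u, &n));
    printf("checked   240x240x16    -> rc=%d, %zu bytes\n",
           bitmap_size_checked(240u, 240u, 16u, &n), n);

    struct cipher_ctx ctx;
    uint8_t key[32] = {0}, iv[16] = {0};   /* constructed zero test material */
    printf("cipher key_len=20 -> rc=%d\n", cipher_init_checked(&ctx, key, 20, iv, 16));
    printf("cipher key_len=16 -> rc=%d\n", cipher_init_checked(&ctx, key, 16, iv, 16));
    return 0;
}
```

The cap matters independently of the overflow builtins: on a 64-bit build the 65536 x 65536 product fits in `size_t`, so without it the checked path would happily return a 4 GiB request.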
‼ CVE-2023-23303 ‼

The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with a specially crafted object and hijack the execution of the device's firmware.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-31860 ‼

Wuzhi CMS v3.1.2 has a stored XSS vulnerability in the backend of the Five Finger CMS b2b system.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-23302 ‼

The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with a specially crafted object and hijack the execution of the device's firmware.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-23305 ‼

The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-31517 ‼

Teeworlds v0.7.5 was discovered to contain memory leaks.

📖 Read

via "National Vulnerability Database".