🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-2922 ‼

A vulnerability classified as problematic has been found in SourceCodester Comment System 1.0. Affected is an unknown function of the file index.php of the component GET Parameter Handler. The manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230076.

📖 Read

via "National Vulnerability Database".
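Added example (not code from the Comment System project, and the same output-encoding rule applies to the other XSS advisories further down): a GET parameter reflected into the page, once unescaped and once escaped at the output point. The page path, the HTML skeleton and the payloads are assumptions; `index.php?msg=` follows the advisory.

```javascript
// Reflected XSS through a GET parameter (the "msg" shape above): vulnerable
// and hardened rendering side by side. Added illustration, not code from the
// Comment System project; the page path, the HTML skeleton and the payloads
// are assumptions.

// Entities for the five characters that can break out of an HTML text node
// or a quoted attribute value. Escaping is context-specific: this table is
// for those two contexts only, not for JavaScript, URL or CSS contexts.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Reads ?msg= from a request path; URL is a Node.js global, no server needed.
function getMsg(requestPath) {
  return new URL(requestPath, 'http://localhost').searchParams.get('msg') || '';
}

// Vulnerable: the parameter is concatenated straight into the response, in a
// text node and in an attribute value. A crafted link then runs script in
// the browser of anyone who follows it.
function renderVulnerable(requestPath) {
  const msg = getMsg(requestPath);
  return '<!doctype html><body><div class="alert">' + msg + '</div>' +
         '<input name="msg" value="' + msg + '"></body>';
}

// Hardened: escape at the point of output. The attribute must also be
// quoted; escaping alone does not rescue an unquoted attribute value.
function renderHardened(requestPath) {
  const msg = escapeHtml(getMsg(requestPath));
  return '<!doctype html><body><div class="alert">' + msg + '</div>' +
         '<input name="msg" value="' + msg + '"></body>';
}

// Regression check for a rendered response: does the raw input appear
// anywhere in the output unchanged?
function reflectsUnescaped(html, input) {
  return html.includes(input);
}

// Constructed attacker inputs: the first breaks out of the text node, the
// second closes the attribute value and injects a new element.
const PAYLOADS = [
  '<script>alert(document.cookie)</script>',
  '"><img src=x onerror=alert(1)>',
];

// The link an attacker would send to a victim.
function crossSiteLink(payload) {
  return '/index.php?msg=' + encodeURIComponent(payload);
}

for (const p of PAYLOADS) {
  const link = crossSiteLink(p);
  console.log(link);
  console.log('  vulnerable reflects payload:', reflectsUnescaped(renderVulnerable(link), p));
  console.log('  hardened reflects payload:  ', reflectsUnescaped(renderHardened(link), p));
}
```

The second payload is the one to keep in a regression suite: it passes a naive "strip `<script>`" filter and still executes, which is why the fix is encoding at the output point rather than filtering the input.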
‼ CVE-2023-26129 ‼

All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the 'check' function in the bwm-ng.js file. Note: to execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment.

📖 Read

via "National Vulnerability Database".
๐Ÿ‘1
‼ CVE-2023-2928 ‼

A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file uploads/dede/article_allowurl_edit.php. The manipulation of the argument allurls leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230083.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-32695 ‼

socket.io-parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3.

📖 Read

via "National Vulnerability Database".
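Added example (not socket.io-parser's code): a cut-down decoder for the text form of protocol v5 packets, showing why a payload of the wrong shape becomes an uncaught exception once the server dispatches it, and the shape check that turns it into a per-connection error instead. The payload rules, the handler names and the packets are assumptions; binary packet types are left out.

```javascript
// Why a malformed Socket.IO packet can kill a Node.js process, and what the
// decoder has to check. Added illustration, not socket.io-parser's code: a
// cut-down decoder for the text form of protocol v5 packets
// ("<type>[<nsp>,][<id>][<json>]", binary types left out), with the payload
// shape rules and the handler names as assumptions.
const PacketType = { CONNECT: 0, DISCONNECT: 1, EVENT: 2, ACK: 3, CONNECT_ERROR: 4 };
const RESERVED_EVENTS = ['connect', 'connect_error', 'disconnect', 'disconnecting',
                         'newListener', 'removeListener'];

// Raised for anything the decoder refuses; the connection layer catches it.
class DecodeError extends Error {}

// Lenient decoder: recovers type, namespace, ack id and payload, but accepts
// any JSON value as packet.data.
function decodeLenient(str) {
  if (typeof str !== 'string' || str.length === 0) throw new DecodeError('empty packet');
  let i = 0;
  const type = Number(str.charAt(i++));
  if (!Number.isInteger(type) || type < 0 || type > 4) throw new DecodeError('unknown packet type');
  let nsp = '/';
  if (str.charAt(i) === '/') {
    const end = str.indexOf(',', i);
    if (end === -1) throw new DecodeError('unterminated namespace');
    nsp = str.substring(i, end);
    i = end + 1;
  }
  const idStart = i;
  while (i < str.length && str.charAt(i) >= '0' && str.charAt(i) <= '9') i++;
  const id = i > idStart ? Number(str.substring(idStart, i)) : undefined;
  let data;
  if (i < str.length) {
    try { data = JSON.parse(str.substring(i)); } catch (e) { throw new DecodeError('invalid JSON payload'); }
  }
  return { type, nsp, id, data };
}

// Shape each packet type's payload must have before it is safe to dispatch.
function isPayloadValid(type, data) {
  const isObject = typeof data === 'object' && data !== null && !Array.isArray(data);
  switch (type) {
    case PacketType.CONNECT: return data === undefined || isObject;
    case PacketType.DISCONNECT: return data === undefined;
    case PacketType.EVENT:
      return Array.isArray(data) && data.length > 0 &&
        (typeof data[0] === 'number' ||
         (typeof data[0] === 'string' && !RESERVED_EVENTS.includes(data[0])));
    case PacketType.ACK: return Array.isArray(data);
    case PacketType.CONNECT_ERROR: return typeof data === 'string' || isObject;
    default: return false;
  }
}

// Strict decoder: same parsing, then the shape check.
function decodeStrict(str) {
  const packet = decodeLenient(str);
  if (!isPayloadValid(packet.type, packet.data)) {
    throw new DecodeError('invalid payload for packet type ' + packet.type);
  }
  return packet;
}

// What the server does with an EVENT packet: data is assumed to be
// [eventName, ...args]. With an object, null or number payload the
// destructuring throws a TypeError.
function dispatchEvent(packet, handlers) {
  const [event, ...args] = packet.data;
  const handler = handlers.get(event);
  if (!handler) return false;
  handler(...args);
  return true;
}

// Per-connection receive path. A DecodeError is an error for this one
// socket; anything else propagates and, with no handler up the stack,
// becomes an uncaught exception that ends the process.
function receive(raw, handlers, decode) {
  try {
    const packet = decode(raw);
    if (packet.type === PacketType.EVENT) dispatchEvent(packet, handlers);
    return 'ok';
  } catch (e) {
    if (e instanceof DecodeError) return 'rejected: ' + e.message;
    throw e;
  }
}

// Constructed packets: one well-formed, one with a non-array EVENT payload.
const handlers = new Map([['chat', (msg) => msg]]);
const GOOD = '2["chat","hello"]';
const CRAFTED = '2{"not":"an array"}';
console.log(receive(GOOD, handlers, decodeStrict));    // ok
console.log(receive(CRAFTED, handlers, decodeStrict)); // rejected: invalid payload for packet type 2
```

Run `receive(CRAFTED, handlers, decodeLenient)` without a try/catch around it and the process exits on the TypeError: that is the whole attack, one packet from one unauthenticated client against a server that otherwise works correctly.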
โค1๐Ÿ”ฅ1
‼ CVE-2015-20108 ‼

xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.

📖 Read

via "National Vulnerability Database".
โค1
‼ CVE-2023-2947 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-2942 ‼

Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-2948 ‼

Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-2950 ‼

Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-2951 ‼

A vulnerability classified as critical has been found in code-projects Bus Dispatch and Information System 1.0. Affected is an unknown function of the file delete_bus.php. The manipulation of the argument busid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230112.

📖 Read

via "National Vulnerability Database".
๐Ÿ‘1
‼ CVE-2014-125101 ‼

A vulnerability classified as critical has been found in Portfolio Gallery Plugin up to 1.1.8 on WordPress. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.9 is able to address this issue. The name of the patch is 58ed88243e17df766036f4857041edaf358076d3. It is recommended to upgrade the affected component. The identifier VDB-230085 was assigned to this vulnerability.

📖 Read

via "National Vulnerability Database".
๐Ÿ‘2๐Ÿ”ฅ1
‼ CVE-2023-33216 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team WooDiscuz – WooCommerce Comments (woodiscuz-woocommerce-comments) allows Stored XSS. This issue affects WooDiscuz – WooCommerce Comments: from n/a through 2.2.9.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-33315 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <= 1.1.2 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-32800 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in One Rank Math SEO PRO plugin <= 3.0.35 versions.

📖 Read

via "National Vulnerability Database".
โค1
‼ CVE-2023-33926 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps plugin <= 1.11.7 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-31873 ‼

Gin 0.7.4 allows execution of arbitrary code when a crafted file is opened, e.g., via require('child_process').

📖 Read

via "National Vulnerability Database".
โค1
‼ CVE-2023-32763 ‼

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.

📖 Read

via "National Vulnerability Database".
โค1
‼ CVE-2023-29380 ‼

Warpinator before 1.6.0 allows remote file deletion via directory traversal in top_dir_basenames.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-45372 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Codeixer Product Gallery Slider for WooCommerce plugin <= 2.2.8 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-2954 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository liangliangyy/djangoblog prior to master.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-2955 ‼

A vulnerability, which was classified as critical, was found in SourceCodester Students Online Internship Timesheet System 1.0. Affected is an unknown function of the file rendered_report.php of the component GET Parameter Handler. The manipulation of the argument sid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230142 is the identifier assigned to this vulnerability.

📖 Read

via "National Vulnerability Database".