๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
@cibsecurity
25.8K subscribers
89.2K links
๐Ÿ—ž The finest daily news on cybersecurity and privacy.

๐Ÿ”” Daily releases.

๐Ÿ’ป Is your online life secure?

๐Ÿ“ฉ lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
25.8K subscribers
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-2951 โ€ผ

A vulnerability classified as critical has been found in code-projects Bus Dispatch and Information System 1.0. Affected is an unknown function of the file delete_bus.php. The manipulation of the argument busid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230112.

๐Ÿ“– Read

via "National Vulnerability Database".
๐Ÿ‘1
822 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2014-125101 โ€ผ

A vulnerability classified as critical has been found in Portfolio Gallery Plugin up to 1.1.8 on WordPress. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.9 is able to address this issue. The name of the patch is 58ed88243e17df766036f4857041edaf358076d3. It is recommended to upgrade the affected component. The identifier VDB-230085 was assigned to this vulnerability.

๐Ÿ“– Read

via "National Vulnerability Database".
๐Ÿ‘2๐Ÿ”ฅ1
808 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-33216 โ€ผ

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team WooDiscuz รขโ‚ฌโ€œ WooCommerce Comments woodiscuz-woocommerce-comments allows Stored XSS.This issue affects WooDiscuz รขโ‚ฌโ€œ WooCommerce Comments: from n/a through 2.2.9.

๐Ÿ“– Read

via "National Vulnerability Database".
770 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-33315 โ€ผ

Cross-Site Request Forgery (CSRF) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <=ร‚ 1.1.2 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
736 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-32800 โ€ผ

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in One Rank Math SEO PRO plugin <=ร‚ 3.0.35 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
โค1
729 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-33926 โ€ผ

Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps plugin <=ร‚ 1.11.7 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
720 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-31873 โ€ผ

Gin 0.7.4 allows execution of arbitrary code when a crafted file is opened, e.g., via require('child_process').

๐Ÿ“– Read

via "National Vulnerability Database".
โค1
717 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-32763 โ€ผ

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.

๐Ÿ“– Read

via "National Vulnerability Database".
โค1
777 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-29380 โ€ผ

Warpinator before 1.6.0 allows remote file deletion via directory traversal in top_dir_basenames.

๐Ÿ“– Read

via "National Vulnerability Database".
710 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-45372 โ€ผ

Cross-Site Request Forgery (CSRF) vulnerability in Codeixer Product Gallery Slider for WooCommerce plugin <=ร‚ 2.2.8 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
750 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-2954 โ€ผ

Cross-site Scripting (XSS) - Stored in GitHub repository liangliangyy/djangoblog prior to master.

๐Ÿ“– Read

via "National Vulnerability Database".
723 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-2955 โ€ผ

A vulnerability, which was classified as critical, was found in SourceCodester Students Online Internship Timesheet System 1.0. Affected is an unknown function of the file rendered_report.php of the component GET Parameter Handler. The manipulation of the argument sid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230142 is the identifier assigned to this vulnerability.

๐Ÿ“– Read

via "National Vulnerability Database".
752 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-2808 โ€ผ

Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link.

๐Ÿ“– Read

via "National Vulnerability Database".
720 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด Top Cyberattacks Revealed in New Threat Intelligence Report ๐Ÿ•ด

New report provides actionable intelligence about attacks, threat actors, and campaigns.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
Top Cyberattacks Revealed in New Threat Intelligence Report
New report provides actionable intelligence about attacks, threat actors, and campaigns.
โค1๐Ÿ‘1
766 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-27613 โ€ผ

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MonitorClick Forms Ada รขโ‚ฌโ€œ Form Builder plugin <=ร‚ 1.0 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
667 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-2962 โ€ผ

A vulnerability, which was classified as critical, has been found in SourceCodester Faculty Evaluation System 1.0. Affected by this issue is some unknown functionality of the file index.php?page=edit_user. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230150 is the identifier assigned to this vulnerability.

๐Ÿ“– Read

via "National Vulnerability Database".
๐Ÿ‘1
689 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-32696 โ€ผ

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.

๐Ÿ“– Read

via "National Vulnerability Database".
620 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-32711 โ€ผ

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.

๐Ÿ“– Read

via "National Vulnerability Database".
580 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-32735 โ€ผ

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.

๐Ÿ“– Read

via "National Vulnerability Database".
549 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-32722 โ€ผ

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.

๐Ÿ“– Read

via "National Vulnerability Database".
468 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-32677 โ€ผ

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.

๐Ÿ“– Read

via "National Vulnerability Database".
464 views