βΌ CVE-2023-29430 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CTHthemes TheRoof plugin <=Γ 1.0.3 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3398 βΌ
π Read
via "National Vulnerability Database".
Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3.π Read
via "National Vulnerability Database".
π΄ 3 Steps to Successfully & Ethically Navigate a Data Breach π΄
π Read
via "Dark Reading".
In this day of "not if, but when" for breaches, transparency and full disclosure are important to salvage a company's reputation and keep public trust.π Read
via "Dark Reading".
Dark Reading
3 Steps to Successfully & Ethically Navigate a Data Breach
In this day of "not if, but when" for breaches, transparency and full disclosure are important to salvage a company's reputation and keep public trust.
βΌ CVE-2023-29438 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Martin SimpleModal Contact Form (SMCF) plugin <=Γ 1.2.9 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36631 βΌ
π Read
via "National Vulnerability Database".
** DISPUTED ** Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Firewall Control 6.9.2.0 allows local unprivileged users to bypass Windows Firewall restrictions via the user interface's rules tab. NOTE: the vendor's perspective is "this is intended behavior as the application can be locked using a password."π Read
via "National Vulnerability Database".
β Aussie PM says, βShut down your phone every 24 hours for 5 minsβ β but thatβs not enough on its own β
π Read
via "Naked Security".
Don't treat rebooting your phone once a day as a cybersecurity talisman... here are 8 additional tips for better mobile phone security.π Read
via "Naked Security".
β UK hacker busted in Spain gets 5 years over Twitter hack and more β
π Read
via "Naked Security".
Not just that infamous Twitter hack, but SIM-swapping, stalking and swatting too...π Read
via "Naked Security".
Naked Security
UK hacker busted in Spain gets 5 years over Twitter hack and more
Not just that infamous Twitter hack, but SIM-swapping, stalking and swatting tooβ¦
π΄ Trojanized Super Mario Installer Goes After Gamer Data π΄
π Read
via "Dark Reading".
A legitimate installer for the popular Nintendo game infects Windows machines with various malware, including a cryptominer and an infostealer, again showcasing the importance of remote worker security hygiene.π Read
via "Dark Reading".
Dark Reading
Trojanized Super Mario Installer Goes After Gamer Data
A legitimate installer for the popular Nintendo game infects Windows machines with various malware, including a cryptominer and an infostealer, again showcasing the importance of remote worker security hygiene.
βΌ CVE-2023-36301 βΌ
π Read
via "National Vulnerability Database".
Talend Data Catalog before 8.0-20230221 contain a directory traversal vulnerability in HeaderImageServlet.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25306 βΌ
π Read
via "National Vulnerability Database".
MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal.π Read
via "National Vulnerability Database".
π΄ How Infrastructure as Code Can Help Minimize Human Error π΄
π Read
via "Dark Reading".
Infrastructure as code lets organizations manage cloud infrastructure with the same versioning, testing, and automation processes they use for application code.π Read
via "Dark Reading".
Dark Reading
How Infrastructure as Code Can Help Minimize Human Error
Infrastructure as code lets organizations manage cloud infrastructure with the same versioning, testing, and automation processes they use for application code.
π΄ Remediation Ballet Is a Pas de Deux of Patch and Performance π΄
π Read
via "Dark Reading".
AI-generated code promises quicker fixes for vulnerabilities, but ultimately developers and security teams must balance competing interests.π Read
via "Dark Reading".
Dark Reading
Remediation Ballet Is a Pas de Deux of Patch and Performance
AI-generated code promises quicker fixes for vulnerabilities, but ultimately developers and security teams must balance competing interests.
π΄ Remediation Ballet Is a Pas de Deux of Patch and Performance π΄
π Read
via "Dark Reading".
AI-generated code promises quicker fixes for vulnerabilities, but ultimately developers and security teams must balance competing interests.π Read
via "Dark Reading".
Dark Reading
Remediation Ballet Is a Pas de Deux of Patch and Performance
AI-generated code promises quicker fixes for vulnerabilities, but ultimately developers and security teams must balance competing interests.
βΌ CVE-2023-28485 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (Stored XSS) vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board (where they have BoardAdmin access), and renameAttachment does not block XSS payloads.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2022-48331 βΌ
π Read
via "National Vulnerability Database".
Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys feature_name_len integer overflow and resultant buffer overflow.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29459 βΌ
π Read
via "National Vulnerability Database".
The laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this URI is subsequently loaded into the application's webview, thus allowing the loading of arbitrary content into the context of the application. This can occur via the fcrbs schema or an explicit intent invocation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33580 βΌ
π Read
via "National Vulnerability Database".
Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48333 βΌ
π Read
via "National Vulnerability Database".
Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys prefix_len+feature_name_len integer overflow and resultant buffer overflow.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48336 βΌ
π Read
via "National Vulnerability Database".
Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagParseAndStoreData integer overflow and resultant buffer overflow.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48335 βΌ
π Read
via "National Vulnerability Database".
Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagVerifyProvisioning integer overflow and resultant buffer overflow.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48332 βΌ
π Read
via "National Vulnerability Database".
Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys file_name_len integer overflow and resultant buffer overflow.π Read
via "National Vulnerability Database".