ā¼ CVE-2023-2324 ā¼
š Read
via "National Vulnerability Database".
The Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7, gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as adminš Read
via "National Vulnerability Database".
ā¼ CVE-2023-21640 ā¼
š Read
via "National Vulnerability Database".
Memory corruption in Linux when the file upload API is called with parameters having large buffer.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-2010 ā¼
š Read
via "National Vulnerability Database".
The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-22386 ā¼
š Read
via "National Vulnerability Database".
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-21639 ā¼
š Read
via "National Vulnerability Database".
Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-21635 ā¼
š Read
via "National Vulnerability Database".
Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-3460 ā¼
š Read
via "National Vulnerability Database".
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-24851 ā¼
š Read
via "National Vulnerability Database".
Memory Corruption in WLAN HOST while parsing QMI response message from firmware.š Read
via "National Vulnerability Database".
ā¼ CVE-2022-4623 ā¼
š Read
via "National Vulnerability Database".
The ND Shortcodes WordPress plugin before 7.0 does not validate and escape numerous of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksš Read
via "National Vulnerability Database".
ā¼ CVE-2023-28542 ā¼
š Read
via "National Vulnerability Database".
Memory Corruption in WLAN HOST while fetching TX status information.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-2321 ā¼
š Read
via "National Vulnerability Database".
The WPForms Google Sheet Connector WordPress plugin before 3.4.6, gsheetconnector-wpforms-pro WordPress plugin through 3.4.6 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminš Read
via "National Vulnerability Database".
ā¼ CVE-2023-21633 ā¼
š Read
via "National Vulnerability Database".
Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-1273 ā¼
š Read
via "National Vulnerability Database".
The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacksš Read
via "National Vulnerability Database".
ā¼ CVE-2023-21672 ā¼
š Read
via "National Vulnerability Database".
Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions.š Read
via "National Vulnerability Database".
š¢ Why Fulham FCās geography makes running IT so challenging š¢
š Read
via "ITPro".
Fending off cyber criminals and keeping equipment updated on match days is more difficult than you might think š Read
via "ITPro".
ITPro
Why Fulham FCās geography makes running IT so challenging
Fending off cyber criminals and keeping equipment updated on match days is more difficult than you might think
š1
ā¼ CVE-2023-31999 ā¼
š Read
via "National Vulnerability Database".
All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users. The purpose of the Oauth2 state parameter is to prevent Cross-Site-Request-Forgery attacks. As such, it should be unique per user and should be connected to the user's session in some way that will allow the server to validate it.v7.2.0 changes the default behavior to store the state in a cookie with the http-only and same-site=lax attributes set. The state is now by default generated for every user. Note that this contains a breaking change in the checkStateFunction function, which now accepts the full Request object.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-3506 ā¼
š Read
via "National Vulnerability Database".
A vulnerability was found in Active It Zone Active eCommerce CMS 6.5.0. It has been declared as problematic. This vulnerability affects unknown code of the file /ecommerce/support_ticket of the component Create Ticket Page. The manipulation of the argument details with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. VDB-232954 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-3505 ā¼
š Read
via "National Vulnerability Database".
A vulnerability was found in Onest CRM 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/project/update/2 of the component Project List Handler. The manipulation of the argument name with the input <script>alert(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-232953 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.š Read
via "National Vulnerability Database".
ā¤1
ā Ghostscript bug could allow rogue documents to run system commands ā
š Read
via "Naked Security".
Even if you've never heard of the venerable Ghostscript project, you may have it installed without knowing.š Read
via "Naked Security".
Sophos News
Naked Security ā Sophos News
ā¼ CVE-2022-42175 ā¼
š Read
via "National Vulnerability Database".
Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization.š Read
via "National Vulnerability Database".
ā¼ CVE-2023-33201 ā¼
š Read
via "National Vulnerability Database".
Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.š Read
via "National Vulnerability Database".
ā¤3š1