‼ CVE-2023-35044 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Drew Phillips Securimage-WP plugin <=Â 3.6.16 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-35091 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in StoreApps Stock Manager for WooCommerce plugin <=Â 2.10.0 versions.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2023-23671 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Layer Slider plugin <=Â 1.1.9.7 versions.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2023-36690 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WPLMS theme <=Â 4.900 versions.📖 Read
via "National Vulnerability Database".
❤1
⚠ Apple silently pulls its latest zero-day update – what now? ⚠
📖 Read
via "Naked Security".
Previously, we said "do it today", but now we're forced back on: "Do not delay; do it as soon as Apple and your device will let you."📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
❤1
‼ CVE-2023-3620 ‼
📖 Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository amauric/tarteaucitron.js prior to v1.13.1.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2020-20118 ‼
📖 Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys driver.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-31818 ‼
📖 Read
via "National Vulnerability Database".
An issue found in Marukyu Line v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37659 ‼
📖 Read
via "National Vulnerability Database".
xalpha v0.11.4 is vulnerable to Remote Command Execution (RCE).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2746 ‼
📖 Read
via "National Vulnerability Database".
The Rockwell Automation Enhanced HIM software contains an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site Request Forgery (CSRF) attack. To exploit this vulnerability, a malicious user would have to convince a user to click on an untrusted link through a social engineering attack or successfully perform a Cross Site Scripting Attack (XSS). Exploitation of a CSRF could potentially lead to sensitive information disclosure and full remote access to the affected products.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-2072 ‼
📖 Read
via "National Vulnerability Database".
The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. Â The vulnerable pages do not require privileges to access and can be injected with code by an attacker which could be used to leverage an attack on an authenticated user resulting in remote code execution and potentially the complete loss of confidentiality, integrity, and availability of the product.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36163 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability in IP-DOT BuildaGate v.BuildaGate5 allows a remote attacker to execute arbitrary code via a crafted script to the mc parameter of the URL.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36167 ‼
📖 Read
via "National Vulnerability Database".
An issue in AVG AVG Anti-Spyware v.7.5 allows an attacker to execute arbitrary code via a crafted script to the guard.exe component.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36293 ‼
📖 Read
via "National Vulnerability Database".
SQL injection vulnerability in wmanager v.1.0.7 and before allows a remote attacker to obtain sensitive information via a crafted script to the company.php component.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36164 ‼
📖 Read
via "National Vulnerability Database".
An issue in MiniTool Partition Wizard ShadowMaker v.12.7 allows an attacker to execute arbitrary code via the MTAgentService component.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37657 ‼
📖 Read
via "National Vulnerability Database".
TwoNav v2.0.28-20230624 is vulnerable to Cross Site Scripting (XSS).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3617 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Best POS Management System 1.0. It has been classified as critical. This affects an unknown part of the file admin_class.php of the component Login Page. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233565 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37658 ‼
📖 Read
via "National Vulnerability Database".
fast-poster v2.15.0 is vulnerable to Cross Site Scripting (XSS). File upload check binary of img, but without strictly check file suffix at /server/fast.py -> ApiUploadHandler.post causes stored XSS📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37656 ‼
📖 Read
via "National Vulnerability Database".
WebsiteGuide v0.2 is vulnerable to Remote Command Execution (RCE) via image upload.📖 Read
via "National Vulnerability Database".
🕴 Apple's Rapid Zero-Day Patch Causes Safari Issues, Users Say 🕴
📖 Read
via "Dark Reading".
Apple's emergency fix for a code-execution bug being actively exploited in the wild is reportedly buggy itself, and some indications point to the Cupertino giant halting patch rollouts.📖 Read
via "Dark Reading".
Dark Reading
Apple's Rapid Zero-Day Patch Causes Safari Issues, Users Say
Apple's emergency fix for a code-execution bug being actively exploited in the wild is reportedly buggy itself, and some indications point to the Cupertino giant halting patch rollouts.
🕴 Critical VMware Bug Exploit Code Released Into the Wild 🕴
📖 Read
via "Dark Reading".
The exploit code was brought to VMware's attention by an anonymous researcher, in tandem with the Trend Micro Zero Day Initiative.📖 Read
via "Dark Reading".
Dark Reading
Critical VMware Bug Exploit Code Released Into the Wild
The exploit code was brought to VMware's attention by an anonymous researcher, in tandem with the Trend Micro Zero Day Initiative.