🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-34036 ‼

Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle (and possibly discard) forwarded headers either in WebFlux or at the level of the underlying HTTP server.

For the application to be affected, it needs to satisfy the following requirements:

* It needs to use the reactive web stack (Spring WebFlux) and Spring HATEOAS to create links in hypermedia-based responses.
* The application infrastructure does not guard against clients submitting (X-)Forwarded… headers.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-23646 ‼

Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Album Gallery – WordPress Gallery plugin <= 1.4.9 versions.

📖 Read

via "National Vulnerability Database".
⚠ Zimbra Collaboration Suite warning: Patch this 0-day right now (by hand)! ⚠

Zimbra didn't actually say, "Do not delay/Do it today," but they did say, "We kindly request your cooperation to apply the fix manually."

📖 Read

via "Naked Security".
‼ CVE-2023-27424 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy aka Shra Inactive User Deleter plugin <= 1.59 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-2912 ‼

Use After Free vulnerability in Secomea SiteManager Embedded allows Obstruction.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-2959 ‼

Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users. This issue affects Oliva Expertise EKS: before 1.2.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-31851 ‼

Cudy LT400 1.13.4 has a cross-site scripting (XSS) vulnerability in /cgi-bin/luci/admin/network/wireless/status via the iface parameter.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-3186 ‼

The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-3376 ‼

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Strategy Zekiweb allows SQL Injection. This issue affects Zekiweb: before 2.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-36511 ‼

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-37968 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage for WordPress plugin <= 1.3.39 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-2701 ‼

The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-3418 ‼

The Querlo Chatbot WordPress plugin through 1.2.4 does not escape or sanitize chat messages, leading to a stored Cross-Site Scripting vulnerability.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-2579 ‼

The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-35089 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.0.7 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-3041 ‼

The Autochat Automatic Conversation WordPress plugin through 1.1.7 does not sanitise and escape user input before outputting it back on the page, leading to a Cross-Site Scripting attack.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-35096 ‼

Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-35880 ‼

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-31216 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-36513 ‼

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-31853 ‼

Cudy LT400 1.13.4 is vulnerable to Cross-Site Scripting (XSS) in /cgi-bin/luci/admin/network/bandwidth via the icon parameter.

📖 Read

via "National Vulnerability Database".