‼ CVE-2023-36495 ‼
📖 Read
via "National Vulnerability Database".
An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0958 ‼
📖 Read
via "National Vulnerability Database".
Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for authenticated attackers with minimal permissions, such as subscribers, to install select plugins from Inisev on vulnerable sites. CVE-2023-38514 appears to be a duplicate of this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3985 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Online Jewelry Store 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235606 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3987 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage_user&id=3. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235608.📖 Read
via "National Vulnerability Database".
🔥1
‼ CVE-2023-38598 ‼
📖 Read
via "National Vulnerability Database".
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.📖 Read
via "National Vulnerability Database".
🔥1
‼ CVE-2023-38571 ‼
📖 Read
via "National Vulnerability Database".
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to bypass Privacy preferences.📖 Read
via "National Vulnerability Database".
🔥1
‼ CVE-2023-31934 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the adminname parameter of admin-profile.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39190 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** CVE-2023-39190 was found to be a duplicate of CVE-2023-31436. Please see https://access.redhat.com/security/cve/CVE-2023-31436 for information about affected products and security errata.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38992 ‼
📖 Read
via "National Vulnerability Database".
jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39016 ‼
📖 Read
via "National Vulnerability Database".
bboss-persistent v6.0.9 and below was discovered to contain a code injection vulnerability in the component com.frameworkset.common.poolman.util.SQLManager.createPool. This vulnerability is exploited via passing an unchecked argument.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39017 ‼
📖 Read
via "National Vulnerability Database".
quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37754 ‼
📖 Read
via "National Vulnerability Database".
PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-31933 ‼
📖 Read
via "National Vulnerability Database".
Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-pass-detail.php file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-31936 ‼
📖 Read
via "National Vulnerability Database".
Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-pass-detail.php file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-31935 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the emial parameter of admin-profile.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-31937 ‼
📖 Read
via "National Vulnerability Database".
Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-cateogry-detail.php file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39010 ‼
📖 Read
via "National Vulnerability Database".
BoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.calibration.CalibrationIO.load. This vulnerability is exploited by loading a crafted camera calibration file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39023 ‼
📖 Read
via "National Vulnerability Database".
university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument.📖 Read
via "National Vulnerability Database".
🦿 HackerOne: How Artificial Intelligence Is Changing Cyber Threats and Ethical Hacking 🦿
📖 Read
via "Tech Republic".
Security experts from HackerOne and beyond weigh in on malicious prompt engineering and other attacks that could strike through LLMs.📖 Read
via "Tech Republic".
TechRepublic
HackerOne: How Artificial Intelligence Is Changing Cyber Threats and Ethical Hacking
Security experts from HackerOne and beyond weigh in on malicious prompt engineering and other attacks that could strike through LLMs.
‼ CVE-2023-37904 ‼
📖 Read
via "National Vulnerability Database".
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use restrict to email address invites.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38684 ‼
📖 Read
via "National Vulnerability Database".
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being accepted. Without an upper bound, the software may allow arbitrary users to generate DB queries which may end up exhausting the resources on the server. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability.📖 Read
via "National Vulnerability Database".