‼ CVE-2023-31937 ‼
📖 Read
via "National Vulnerability Database".
Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-cateogry-detail.php file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39010 ‼
📖 Read
via "National Vulnerability Database".
BoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.calibration.CalibrationIO.load. This vulnerability is exploited by loading a crafted camera calibration file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39023 ‼
📖 Read
via "National Vulnerability Database".
university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument.📖 Read
via "National Vulnerability Database".
🦿 HackerOne: How Artificial Intelligence Is Changing Cyber Threats and Ethical Hacking 🦿
📖 Read
via "Tech Republic".
Security experts from HackerOne and beyond weigh in on malicious prompt engineering and other attacks that could strike through LLMs.📖 Read
via "Tech Republic".
TechRepublic
HackerOne: How Artificial Intelligence Is Changing Cyber Threats and Ethical Hacking
Security experts from HackerOne and beyond weigh in on malicious prompt engineering and other attacks that could strike through LLMs.
‼ CVE-2023-37904 ‼
📖 Read
via "National Vulnerability Database".
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use restrict to email address invites.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38684 ‼
📖 Read
via "National Vulnerability Database".
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being accepted. Without an upper bound, the software may allow arbitrary users to generate DB queries which may end up exhausting the resources on the server. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37906 ‼
📖 Read
via "National Vulnerability Database".
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can edit a post in a topic and cause a DoS with a carefully crafted edit reason. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38685 ‼
📖 Read
via "National Vulnerability Database".
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, information about restricted-visibility topic tags could be obtained by unauthorized users. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38498 ‼
📖 Read
via "National Vulnerability Database".
Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can prevent the defer queue from proceeding promptly on sites hosted in the same multisite installation. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability. Users of multisite configurations should upgrade.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3488 ‼
📖 Read
via "National Vulnerability Database".
Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file.📖 Read
via "National Vulnerability Database".
🦿 OpenAI, Microsoft, Google, Anthropic Launch Frontier Model Forum to Promote Safe AI 🦿
📖 Read
via "Tech Republic".
The forum's goal is to establish "guardrails" to mitigate the risk of AI. Learn about the group's four core objectives, as well as the criteria for membership.📖 Read
via "Tech Republic".
TechRepublic
OpenAI, Microsoft, Google, Anthropic Launch Frontier Model Forum to Promote Safe AI
The forum's goal is to establish "guardrails" to mitigate the risk of AI. Learn about the group's four core objectives, as well as the criteria for membership.
❤1
🦿 How to Use NordVPN Meshnet for Free 🦿
📖 Read
via "Tech Republic".
The free NordVPN Meshnet helps you create your own VPN tunnel to securely and directly connect different devices. Learn more about Meshnet and how to set it up in this guide.📖 Read
via "Tech Republic".
TechRepublic
How to Use NordVPN Meshnet for Free
The free NordVPN Meshnet helps you create your own VPN tunnel to securely and directly connect different devices. Learn more about Meshnet and how to set it up in this guide.
‼ CVE-2023-3598 ‼
📖 Read
via "National Vulnerability Database".
Out of bounds read and write in ANGLE in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38988 ‼
📖 Read
via "National Vulnerability Database".
An issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete notifications created by Administrators.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-4316 ‼
📖 Read
via "National Vulnerability Database".
Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to spoof browser UI via a crafted HTML page. (Chromium security severity: Low)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4910 ‼
📖 Read
via "National Vulnerability Database".
Inappropriate implementation in Autofill in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)📖 Read
via "National Vulnerability Database".
‼ CVE-2021-4322 ‼
📖 Read
via "National Vulnerability Database".
Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)📖 Read
via "National Vulnerability Database".
👍2
‼ CVE-2022-4920 ‼
📖 Read
via "National Vulnerability Database".
Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4915 ‼
📖 Read
via "National Vulnerability Database".
Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)📖 Read
via "National Vulnerability Database".
‼ CVE-2021-4321 ‼
📖 Read
via "National Vulnerability Database".
Policy bypass in Blink in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4908 ‼
📖 Read
via "National Vulnerability Database".
Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)📖 Read
via "National Vulnerability Database".