‼ CVE-2023-0602 ‼
via "National Vulnerability Database".
The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative pages, which allows reflected XSS attacks targeting administrators.
‼ CVE-2023-3292 ‼
via "National Vulnerability Database".
The grid-kit-premium WordPress plugin before 2.2.0 does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
‼ CVE-2023-3508 ‼
via "National Vulnerability Database".
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged-in admins email pre-order customers, change the release date, mark all pre-orders of a specific product as complete, or cancel them via CSRF attacks.
‼ CVE-2022-4888 ‼
via "National Vulnerability Database".
The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned Cart Recovery WordPress plugin before 1.2.5, Custom Fields for WooCommerce WordPress plugin before 1.0.4, Custom Order Number WordPress plugin through 1.0.1, Custom Registration Forms Builder WordPress plugin before 1.0.2, Advanced Free Gifts WordPress plugin before 1.0.2, Gift Registry for WooCommerce WordPress plugin through 1.0.1, Image Watermark for WooCommerce WordPress plugin before 1.0.1, Order Approval for WooCommerce WordPress plugin before 1.1.0, Order Tracking for WooCommerce WordPress plugin before 1.0.2, Price Calculator for WooCommerce WordPress plugin through 1.0.3, Product Dynamic Pricing and Discounts WordPress plugin through 1.0.6, Product Labels and Stickers WordPress plugin through 1.0.1 have flawed CSRF checks in various places, which could allow attackers to make logged-in users perform unwanted actions.
‼ CVE-2023-3130 ‼
via "National Vulnerability Database".
The Short URL WordPress plugin before 1.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
‼ CVE-2023-3507 ‼
via "National Vulnerability Database".
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged-in admins cancel arbitrary pre-orders via a CSRF attack.
‼ CVE-2023-3134 ‼
via "National Vulnerability Database".
The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks.
🕴 Summer Documentary Watch Party: 8 Sizzling Cybersecurity Tales 🕴
via "Dark Reading".
From the upcoming Billion Dollar Heist to docs on the Ashley Madison breach and Stuxnet, here are a bevy of films that can scratch that wanna-be hacker itch.
🕴 Best Practices for Enterprise Private 5G Security 🕴
via "Dark Reading".
Omdia's latest research with Trend Micro and CTOne sheds light on 5G security challenges and ways to effectively extend enterprise-grade security to 5G networks.
‼ CVE-2023-35861 ‼
via "National Vulnerability Database".
A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject and execute arbitrary commands as root on the BMC.
‼ CVE-2023-37647 ‼
via "National Vulnerability Database".
SEMCMS v1.5 was discovered to contain a SQL injection vulnerability via the id parameter at /Ant_Suxin.php.
🕴 Website of Israeli Oil Refinery Taken Offline by Pro-Iranian Attackers 🕴
via "Dark Reading".
The apparent pro-Iranian Cyber Avengers posted images of BAZAN Group's SCADA systems, diagrams, and programmable logic controller (PLC) code.
‼ CVE-2021-31681 ‼
via "National Vulnerability Database".
Deserialization of Untrusted Data vulnerability in yolo 3 allows attackers to execute arbitrary code via a crafted YAML file.
‼ CVE-2023-34644 ‼
via "National Vulnerability Database".
Remote code execution vulnerability in Ruijie Networks products: RG-EW series home routers EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86 allows remote attackers to gain escalated privileges via a crafted POST request to /cgi-bin/luci/api/auth.
‼ CVE-2023-38303 ‼
via "National Vulnerability Database".
An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Groups real name parameter.
‼ CVE-2023-36091 ‼
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
‼ CVE-2023-34872 ‼
via "National Vulnerability Database".
A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.
‼ CVE-2023-34842 ‼
via "National Vulnerability Database".
Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via a crafted POST request to /dede/tpl.php.
‼ CVE-2021-31680 ‼
via "National Vulnerability Database".
Deserialization of Untrusted Data vulnerability in yolo 5 allows attackers to execute arbitrary code via a crafted YAML file.
‼ CVE-2023-38304 ‼
via "National Vulnerability Database".
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group.
‼ CVE-2023-36089 ‼
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.