CVE-2023-36298
via "National Vulnerability Database".
DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE).
CVE-2023-38812
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2023-3180
via "National Vulnerability Database".
A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.
CVE-2023-36299
via "National Vulnerability Database".
A File Upload vulnerability in typecho v.1.2.1 allows a remote attacker to execute arbitrary code via the upload and options-general parameters in index.php.
CVE-2023-3348
via "National Vulnerability Database".
The Wrangler command line tool (<=wrangler@3.1.0) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server.
CVE-2023-39097
via "National Vulnerability Database".
WebBoss.io CMS v3.7.0.1 contains a stored cross-site scripting (XSS) vulnerability.
CVE-2023-22277
via "National Vulnerability Database".
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314.
CVE-2022-26838
via "National Vulnerability Database".
Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition.
World Cup Glory Looms, and So Do Cyber Threats, Microsoft Warns
via "Dark Reading".
The attack surface of a live event like this summer's World Cup in Australia and New Zealand rivals that of a large multinational enterprise, or even a small city.
As Artificial Intelligence Accelerates, Cybercrime Innovates
via "Dark Reading".
Rare government, industry alignment on AI threats means we have an opportunity to make rapid strides to improve cybersecurity and slip the hold cybercriminals have on us.
Exclusive: CISA Sounds the Alarm on UEFI Security
via "Dark Reading".
Had Microsoft adopted a more secure update path to mitigate the BlackLotus UEFI bootkit, it might already be eliminated, a CISA official says.
Cisco Announces General Availability of XDR Platform
via "Tech Republic".
In alliance with Cohesity and others, Cisco is fueling near-zero latency between ransomware detection and remediation with its Extended Detection and Response platform.
Arc Browser Review (2023): Pricing, Features, Alternatives and More
via "Tech Republic".
Learn about Arc's features, pros and cons, and what makes the web browser unique. Arc is available only for Mac and iPhone users.
TechRepublic
Arc Browser Review (2025): Should You Make the Switch?
Is Arc worth downloading? Should you make the switch? Read our Arc Browser review to find out if it's the right choice for you.
Cult of the Dead Cow Hacktivists Give Life to 'Privacy-First' App Framework
via "Dark Reading".
The well-known collective is taking on targeted advertising with the Veilid framework and says it wants to make the Internet accessible to everyone who fears being monetized.
Hacktivist Group 'Mysterious Team Bangladesh' Goes on DDoS Rampage
via "Dark Reading".
The emerging threat has carried out 750 DDoS attacks and 78 website defacements in just one year to support its religious and political motives.
S3 Ep146: Tell us about that breach! (If you want to.)
via "Naked Security".
Serious security stories explained clearly in plain English - listen now. (Full transcript available.)
Companies Should Implement ROI-Driven Cybersecurity Budgets, Expert Says
via "Tech Republic".
Discover the new models used to assign security budgets that succeed where traditional and outdated processes fail.
CVE-2023-4145
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2.
CVE-2023-33363
via "National Vulnerability Database".
An authentication bypass vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated users to access some functionality on BioStar 2 servers.
CVE-2023-36213
via "National Vulnerability Database".
SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function.
CVE-2023-33365
via "National Vulnerability Database".
A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server's web server.