CVE-2020-26064 (via National Vulnerability Database)
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application.
CVE-2023-38696 (via National Vulnerability Database)
** REJECT ** This CVE has been rejected because it is unclear whether the issue rests in the original repository `microsoft/ContosoAir`, the forked repository `Apetree100122/ContosoAir`, or both. If the Microsoft repository is vulnerable, [Microsoft](https://www.cve.org/PartnerInformation/ListofPartners/partner/microsoft) is the appropriate CVE Numbering Authority.
CVE-2020-26082 (via National Vulnerability Database)
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.
CVE-2023-39344 (via National Vulnerability Database)
social-media-skeleton is an uncompleted social media project. A SQL injection vulnerability in the project allows UNION based injections, which indirectly leads to remote code execution. Commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1 contains a fix for this issue.
CVE-2023-39346 (via National Vulnerability Database)
LinuxASMCallGraph is software for drawing the call graph of programming code. LinuxASMCallGraph before commit 20dba06bd1a3cf260612d4f21547c25002121cd5 allows attackers to cause remote code execution on the server side via uploading a crafted ZIP file, due to incorrect filtering rules for uploaded files. The problem has been patched in commit 20dba06bd1a3cf260612d4f21547c25002121cd5. There are no known workarounds.
UK's NCSC Publishes New Shadow IT Guidance (via Tech Republic)
Discover the new shadow IT guidance published by the U.K.'s NCSC. Use this guide to better identify and reduce the levels of shadow IT within your organization.
CVE-2023-39508 (via National Vulnerability Database)
Execution with Unnecessary Privileges and Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context, and it allows bypassing the limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0.
CVE-2023-4170 (via National Vulnerability Database)
A vulnerability was found in DedeBIZ 6.2.10. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Article Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-236186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-4169 (via National Vulnerability Database)
A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-4187 (via National Vulnerability Database)
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
CVE-2023-4168 (via National Vulnerability Database)
A vulnerability was found in Templatecookie Adlisting 2.14.0. It has been classified as problematic. Affected is an unknown function of the file /ad-list of the component Redirect Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-36678 (via National Vulnerability Database)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-buy WP Content Copy Protection & No Right Click plugin <= 3.5.5 versions.
CVE-2023-4172 (via National Vulnerability Database)
A vulnerability, which was classified as problematic, has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This issue affects some unknown processing of the file \Service\FileHandler.ashx. The manipulation of the argument FileDirectory leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236207.
CVE-2023-36686 (via National Vulnerability Database)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CartFlows Pro plugin <= 1.11.11 versions.
CVE-2023-30491 (via National Vulnerability Database)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <= 2.1.8 versions.
CVE-2023-37873 (via National Vulnerability Database)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.
CVE-2023-34377 (via National Vulnerability Database)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joseph C Dolson My Content Management plugin <= 1.7.6 versions.
CVE-2023-36689 (via National Vulnerability Database)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory WPFactory Helper plugin <= 1.5.2 versions.
CVE-2023-37874 (via National Vulnerability Database)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dimitar Ivanov HTTP Headers plugin <= 1.18.11 versions.
CVE-2023-34010 (via National Vulnerability Database)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in submodule of David Lingren Media Library Assistant plugin <= 3.0.7 versions.
CVE-2023-4180 (via National Vulnerability Database)
A vulnerability classified as critical was found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this vulnerability is an unknown functionality of the file /vm/login.php. The manipulation of the argument useremail/userpassword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236215.