βΌ CVE-2020-36082 βΌ
π Read
via "National Vulnerability Database".
File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24922 βΌ
π Read
via "National Vulnerability Database".
Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file.π Read
via "National Vulnerability Database".
βΌ CVE-2020-19952 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Markdown Editor thru commit 2252418c27dffbb35147acd8ed324822b8919477, allows remote attackers to execute arbirary code via crafted payload or opening malicious .md file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29378 βΌ
π Read
via "National Vulnerability Database".
SQL Injection in pear-admin-think version 2.1.2, allows attackers to execute arbitrary code and escalate privileges via crafted GET request to Crud.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28835 βΌ
π Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2021-27524 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in margox braft-editor version 2.3.8, allows remote attackers to execute arbitrary code via the embed media feature.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26505 βΌ
π Read
via "National Vulnerability Database".
Prototype pollution vulnerability in MrSwitch hello.js version 1.18.6, allows remote attackers to execute arbitrary code via hello.utils.extend function.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24075 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28025 βΌ
π Read
via "National Vulnerability Database".
Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2023-39945 βΌ
π Read
via "National Vulnerability Database".
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled `BadParamException` in fastcdr, which in turn crashes fastdds. Versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5 contain a patch for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27514 βΌ
π Read
via "National Vulnerability Database".
Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attackers to delete arbitrary files and cause a denial of service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2021-29057 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3, allows attackers to cause a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39534 βΌ
π Read
via "National Vulnerability Database".
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger assertion failure, crashing FastDDS. Version 2.10.0, 2.9.2, and 2.6.5 contain a patch for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36138 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2023-32267 βΌ
π Read
via "National Vulnerability Database".
A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited.π Read
via "National Vulnerability Database".
π¦Ώ Best Encryption Software and Tools for 2023 π¦Ώ
π Read
via "Tech Republic".
This is a comprehensive list of best encryption software and tools, covering their features, pricing and more. Use this guide to determine your best fit.π Read
via "Tech Republic".
TechRepublic
The 7 Best Encryption Software Choices for 2024
This is a comprehensive list of the best encryption software and tools, with features, pricing and more. Use this guide to find your best fit.
π€1
π¦Ώ Downfall Vulnerability Affects Millions of Intel CPUs With Strong Data Leak Impact π¦Ώ
π Read
via "Tech Republic".
Learn technical details about this newly disclosed security vulnerability, as well as mitigation recommendations from the Google researcher who discovered it.π Read
via "Tech Republic".
TechRepublic
Downfall Vulnerability Affects Millions of Intel CPUs With Strong Data Leak Impact
Learn technical details of a newly disclosed security vulnerability and mitigation recommendations from the Google researcher who found it.
π΄ XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure π΄
π Read
via "Dark Reading".
Disguised as harmless PDF documents, LNK files trigger a PowerShell script, initiating a Rust-based injector called Freeze[.]rs and a host of malware infections.π Read
via "Dark Reading".
Dark Reading
XWorm, Remcos RAT Evade EDRs to Infect Critical Infrastructure
Disguised as harmless PDF documents, LNK files trigger a PowerShell script, initiating a Rust-based injector called Freeze[.]rs and a host of malware infections.
βΌ CVE-2023-0871 βΌ
π Read
via "National Vulnerability Database".
XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platformsΓ is vulnerable to XML external entity (XXE) injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services.Γ The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.π Read
via "National Vulnerability Database".
π¦Ώ Dependency Confusion Attacks: New Research Into Which Businesses are At Risk π¦Ώ
π Read
via "Tech Republic".
Dependency confusion is becoming a serious cybersecurity threat. Learn which organizations are at risk and how to protect systems against these attacks.π Read
via "Tech Republic".
TechRepublic
Dependency Confusion Attacks: New Research Into Which Businesses are At Risk
A new type of attack called dependency confusion is becoming a serious security threat to organizations. Learn how to protect your systems.
π΄ Threat Intelligence Efforts, Investment Lagging, Says Opswat π΄
π Read
via "Dark Reading".
In an annual survey, 62% of respondents admited their threat intel efforts need stepping up.π Read
via "Dark Reading".
Dark Reading
Threat Intelligence Efforts, Investment Lagging, Says Opswat
In an annual survey, 62% of respondents admited their threat intel efforts need stepping up.