βΌ CVE-2022-32876 βΌ
π Read
via "National Vulnerability Database".
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13. A shortcut may be able to view the hidden photos album without authentication.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48503 βΌ
π Read
via "National Vulnerability Database".
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21273 βΌ
π Read
via "National Vulnerability Database".
In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21274 βΌ
π Read
via "National Vulnerability Database".
In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21282 βΌ
π Read
via "National Vulnerability Database".
In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21271 βΌ
π Read
via "National Vulnerability Database".
In parseInputs of ShimPreparedModel.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46725 βΌ
π Read
via "National Vulnerability Database".
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21233 βΌ
π Read
via "National Vulnerability Database".
In multiple locations of avrc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4347 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0.π Read
via "National Vulnerability Database".
β€2π1
βΌ CVE-2023-4308 βΌ
π Read
via "National Vulnerability Database".
The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Γ’β¬Λuser-submitted-contentΓ’β¬β’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2916 βΌ
π Read
via "National Vulnerability Database".
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. It can only be exploited if the plugin has not been configured yet. If combined with another arbitrary plugin installation and activation vulnerability, it may be possible to connect a site to InfiniteWP which would make remote management possible and allow for elevation of privileges.π Read
via "National Vulnerability Database".
π’ More than 100,000 hackers have details exposed through malware on cyber crime forums π’
π Read
via "ITPro".
Hackers accidentally falling foul of malware is becoming more common, researchers said π Read
via "ITPro".
ITProUK
More than 100,000 hackers have details exposed through malware on cyber crime forums
Hackers accidentally falling foul of malware is becoming more common, researchers said
π΄ How & Why Cybercriminals Fabricate Data Leaks π΄
π Read
via "Dark Reading".
A closer look at the nature of fake leaks can provide guidance on how to effectively mitigate associated risks.π Read
via "Dark Reading".
Dark Reading
How & Why Cybercriminals Fabricate Data Leaks
A closer look at the nature of fake leaks can provide guidance on how to effectively mitigate associated risks.
βΌ CVE-2023-24478 βΌ
π Read
via "National Vulnerability Database".
Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux before version 22.4 may allow an authenticated user to potentially enable information disclosure via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30778 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry plugin <=Γ 10.0.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30747 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGem WooCommerce Easy Duplicate Product plugin <=Γ 0.3.0.0 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30498 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeFlavors Vimeotheque: Vimeo WordPress Plugin <=Γ 2.2.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28479 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform installs a full development toolchain within every TigerGraph deployment. An attacker is able to compile new executables on each Tigergraph system and modify system and Tigergraph binaries.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4371 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in phpRecDB 1.3.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument r/view leads to cross site scripting. The attack may be launched remotely. VDB-237194 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.π Read
via "National Vulnerability Database".
π’ Unearthed LockBit secrets suggest gang is faltering in bid to corner ransomware market π’
π Read
via "ITPro".
Laden with technical difficulties, the ransomware group is riding on the wave of its notorious reputation to force victims into paying π Read
via "ITPro".
ITPro
Unearthed LockBit secrets suggest gang is faltering in bid to corner ransomware market
Laden with technical difficulties, the ransomware group is riding on the wave of its notorious reputation to force victims into paying
π’ Patch-resistant autonomous exploits of Citrix NetScaler hardware hit thousands in Europe π’
π Read
via "ITPro".
More than 1,800 Citrix NetScalerdevices still contained backdoors at the time of publication π Read
via "ITPro".
ITPro
Patch-resistant autonomous exploits of Citrix NetScaler hardware hit thousands in Europe
More than 1,800 Citrix NetScaler devices still contained backdoors at the time of publication