βΌ CVE-2023-40068 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3481 βΌ
π Read
via "National Vulnerability Database".
Critters versions 0.0.17-0.0.19 have an issue when parsing the HTML, which leads to a potential cross-site scripting (XSS) bug. We recommend upgrading to version 0.0.20 of the extension.Γ π Read
via "National Vulnerability Database".
βΌ CVE-2023-4454 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4455 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4453 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8.π Read
via "National Vulnerability Database".
π΄ DEF CON's AI Village Pits Hackers Against LLMs to Find Flaws π΄
π Read
via "Dark Reading".
Touted as the largest red teaming exercise against LLMs in history, the AI Village attracted more than 2,000 hackers and throngs of media.π Read
via "Dark Reading".
Dark Reading
DEF CON's AI Village Pits Hackers Against LLMs to Find Flaws
Touted as the largest red teaming exercise against LLMs in history, the AI Village attracted more than 2,000 hackers and throngs of media.
π΄ Generative AI Is Scraping Your Data. So, Now What? π΄
π Read
via "Dark Reading".
AI innovation is moving faster than our laws and regulations, making it hard to decide whether Web or content scraping activity is good or bad, and what (if anything) you should do about it.π Read
via "Dark Reading".
Dark Reading
Generative AI Is Scraping Your Data. So, Now What?
AI innovation is moving faster than our laws and regulations, making it hard to decide whether Web or content scraping activity is good or bad, and what (if anything) you should do about it.
βΌ CVE-2020-28715 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in kdmserver service in LeEco LeTV X43 version V2401RCN02C080080B04121S, allows attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2023-40735 βΌ
π Read
via "National Vulnerability Database".
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BUTTERFLY BUTTON PROJECT - BUTTERFLY BUTTON (Architecture) allows loss of plausible deniability, confidentiality.This issue affects BUTTERFLY BUTTON: As of 2023-08-21.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38899 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component.π Read
via "National Vulnerability Database".
β βSnakes in airplane modeβ β what if your phone says itβs offline but isnβt? β
π Read
via "Naked Security".
WYSIWYG is short for "what you see is what you get". Except when it isn't...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2022-4367 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** Duplicate, use CVE-2023-4279 instead.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3366 βΌ
π Read
via "National Vulnerability Database".
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attackπ Read
via "National Vulnerability Database".
π2π₯1
βΌ CVE-2023-3936 βΌ
π Read
via "National Vulnerability Database".
The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminπ Read
via "National Vulnerability Database".
βΌ CVE-2023-39061 βΌ
π Read
via "National Vulnerability Database".
Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3667 βΌ
π Read
via "National Vulnerability Database".
The Bit Assist WordPress plugin before 1.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)π Read
via "National Vulnerability Database".
βΌ CVE-2023-38976 βΌ
π Read
via "National Vulnerability Database".
An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38961 βΌ
π Read
via "National Vulnerability Database".
Buffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0.0 allows a remote attacker to execute arbitrary code via the scanner_is_context_needed component in js-scanner-until.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39106 βΌ
π Read
via "National Vulnerability Database".
An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39660 βΌ
π Read
via "National Vulnerability Database".
An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38836 βΌ
π Read
via "National Vulnerability Database".
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code via the GIF header component.π Read
via "National Vulnerability Database".