‼ CVE-2023-3936 ‼
📖 Read
via "National Vulnerability Database".
The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39061 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3667 ‼
📖 Read
via "National Vulnerability Database".
The Bit Assist WordPress plugin before 1.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38976 ‼
📖 Read
via "National Vulnerability Database".
An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38961 ‼
📖 Read
via "National Vulnerability Database".
Buffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0.0 allows a remote attacker to execute arbitrary code via the scanner_is_context_needed component in js-scanner-until.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39106 ‼
📖 Read
via "National Vulnerability Database".
An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39660 ‼
📖 Read
via "National Vulnerability Database".
An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38836 ‼
📖 Read
via "National Vulnerability Database".
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code via the GIF header component.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-31447 ‼
📖 Read
via "National Vulnerability Database".
user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3954 ‼
📖 Read
via "National Vulnerability Database".
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39094 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability in ZeroWdd studentmanager v.1.0 allows a remote attacker to execute arbitrary code via the username parameter in the student list function.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32002 ‼
📖 Read
via "National Vulnerability Database".
The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x.Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3604 ‼
📖 Read
via "National Vulnerability Database".
The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4456 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38035 ‼
📖 Read
via "National Vulnerability Database".
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.📖 Read
via "National Vulnerability Database".
🕴 Energy One Investigates Cyberattack 🕴
📖 Read
via "Dark Reading".
Energy One is trying to determine the initial point of entry and whether personal information has been compromised.📖 Read
via "Dark Reading".
Dark Reading
Energy One Investigates Cyberattack
Energy One is trying to determine the initial point of entry and whether personal information has been compromised.
🕴 Fed Warning: US Space Industry Subject To Foreign Spying, Disruptions 🕴
📖 Read
via "Dark Reading".
The space industry must improve security as foreign intelligence entities seek to steal trade secrets and disrupt space-based infrastructure, US agencies caution.📖 Read
via "Dark Reading".
Dark Reading
Fed Warning: US Space Industry Subject to Foreign Spying, Disruptions
The space industry must improve security as foreign intelligence entities seek to steal trade secrets and disrupt space-based infrastructure, US agencies caution.
🕴 Tesla Data Breach Investigation Reveals Inside Job 🕴
📖 Read
via "Dark Reading".
The carmaker also reported it's taken legal action against the former employees involved in the data breach, which involved more than 75,000 names.📖 Read
via "Dark Reading".
Dark Reading
Tesla Data Breach Investigation Reveals Inside Job
The carmaker also reported it's taken legal action against the former employees involved in the data breach, which involved more than 75,000 names.
‼ CVE-2023-4373 ‼
📖 Read
via "National Vulnerability Database".
Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4459 ‼
📖 Read
via "National Vulnerability Database".
A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40352 ‼
📖 Read
via "National Vulnerability Database".
McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs.📖 Read
via "National Vulnerability Database".