πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-4522 β€Ό

An issue has been discovered in GitLab affecting all versions starting from 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit

πŸ“– Read

via "National Vulnerability Database".
446 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-3136 β€Ό

The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

πŸ“– Read

via "National Vulnerability Database".
467 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Why The Matrix offers valuable lessons on data sovereignty for channel partners πŸ“’

Two decades on, there's much that the Matrix series can teach channel partners about data sovereignty

πŸ“– Read

via "ITPro".
channelpro
Why The Matrix offers valuable lessons on data sovereignty for channel partners
Two decades on, there's much that the Matrix series can teach channel partners about data sovereignty
461 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Flipper Zero Review: Ubiquity in a small form factor πŸ“’

Tamagotchi meets communications wizardry in this cute little hackers' tool

πŸ“– Read

via "ITPro".
ITPro
Flipper Zero Review: Ubiquity in a small form factor
Tamagotchi meets communications wizardry in this cute little hackers' tool
427 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-32740 β€Ό

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kunal Nagar Custom 404 Pro plugin <=Γ‚ 3.8.1 versions.

πŸ“– Read

via "National Vulnerability Database".
407 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ“’ Qakbot forced offline, but history suggests it probably won’t be forever πŸ“’

Operation Duck Hunt was one of the largest of its kind but similar attempts in the past have struggled to achieve long-lasting success

πŸ“– Read

via "ITPro".
ITPro
Qakbot forced offline, but history suggests it probably won’t be forever
Operation Duck Hunt was one of the largest of its kind but similar attempts in the past have struggled to achieve long-lasting success
❀1
385 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-32597 β€Ό

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Video Gallery plugin <=Γ‚ 1.0.10 versions.

πŸ“– Read

via "National Vulnerability Database".
299 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-32801 β€Ό

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Composite Products plugin <=Γ‚ 8.7.5 versions.

πŸ“– Read

via "National Vulnerability Database".
270 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-41553 β€Ό

Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetStaticRouteCfg.

πŸ“– Read

via "National Vulnerability Database".
259 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-4624 β€Ό

Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08.

πŸ“– Read

via "National Vulnerability Database".
217 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-4600 β€Ό

The AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'affwp_activate_addons_page_plugin' function called via an AJAX action in versions up to, and including, 2.14.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate arbitrary plugins.

πŸ“– Read

via "National Vulnerability Database".
187 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-41558 β€Ό

Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter timeZone at url /goform/SetSysTimeCfg.

πŸ“– Read

via "National Vulnerability Database".
174 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-25462 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP htaccess Control plugin <=Γ‚ 3.5.1 versions.

πŸ“– Read

via "National Vulnerability Database".
169 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-32746 β€Ό

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Brands plugin <=Γ‚ 1.6.45 versions.

πŸ“– Read

via "National Vulnerability Database".
165 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-41559 β€Ό

Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter page at url /goform/NatStaticSetting.

πŸ“– Read

via "National Vulnerability Database".
161 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-27426 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Notifyvisitors NotifyVisitors plugin <=Γ‚ 1.0 versions.

πŸ“– Read

via "National Vulnerability Database".
160 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-33929 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joaquín Ruiz Easy Admin Menu plugin <=Γ‚ 1.3 versions.

πŸ“– Read

via "National Vulnerability Database".
162 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-32793 β€Ό

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <=Γ‚ 2.0.0 versions.

πŸ“– Read

via "National Vulnerability Database".
157 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-41557 β€Ό

Tenda AC7 V1.0 V15.03.06.44 and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter entrys and mitInterface at url /goform/addressNat.

πŸ“– Read

via "National Vulnerability Database".
157 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-41563 β€Ό

Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter mac at url /goform/GetParentControlInfo.

πŸ“– Read

via "National Vulnerability Database".
158 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-41561 β€Ό

Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter startIp and endIp at url /goform/SetPptpServerCfg.

πŸ“– Read

via "National Vulnerability Database".
165 views