🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-40969 ‼

Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php.

📖 Read

via "National Vulnerability Database".

170 views12:13

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-3205 ‼

An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content.

📖 Read

via "National Vulnerability Database".

169 views12:13

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-1555 ‼

An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API.

📖 Read

via "National Vulnerability Database".

179 views12:13

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-40239 ‼

Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability.

📖 Read

via "National Vulnerability Database".

174 views12:13

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-25044 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sumo Social Share Boost plugin <=Â 4.4 versions.

📖 Read

via "National Vulnerability Database".

176 views12:13

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-1279 ‼

An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it was possible to create a URL that would redirect to a different project.

📖 Read

via "National Vulnerability Database".

184 views12:13

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-40970 ‼

Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php.

📖 Read

via "National Vulnerability Database".

190 views12:13

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-25488 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Duc Bui Quang WP Default Feature Image plugin <=Â 1.0.1.1 versions.

📖 Read

via "National Vulnerability Database".

206 views12:14

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-24412 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Image Social Feed plugin <=Â 1.7.6 versions.

📖 Read

via "National Vulnerability Database".

233 views12:14

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-4704 ‼

External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

📖 Read

via "National Vulnerability Database".

264 views12:14

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-4343 ‼

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile.

📖 Read

via "National Vulnerability Database".

265 views12:14

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-39685 ‼

An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted JSON string.

📖 Read

via "National Vulnerability Database".

292 views12:14

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-37827 ‼

A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the executionBlockName parameter.

📖 Read

via "National Vulnerability Database".

270 views14:14

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-22305 ‼

An improper certificate validation vulnerability [CWE-295] inÂ FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker toÂ man-in-the-middle the communication between the listed products and some external peers.

📖 Read

via "National Vulnerability Database".

261 views14:14

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-37986 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in miniOrange YourMembership Single Sign On â€“ YM SSO Login plugin <=Â 1.1.3 versions.

📖 Read

via "National Vulnerability Database".

225 views14:15

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-37828 ‼

A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tasktyp parameter.

📖 Read

via "National Vulnerability Database".

195 views14:15

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-37893 ‼

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chop-Chop Coming Soon Chop Chop plugin <=Â 2.2.4 versions.

📖 Read

via "National Vulnerability Database".

183 views14:15

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-34011 ‼

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ShopConstruct plugin <=Â 1.1.2 versions.

📖 Read

via "National Vulnerability Database".

178 views14:15

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-37994 ‼

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Artem Abramovich Art Decoration Shortcode plugin <=Â 1.5.6 versions.

📖 Read

via "National Vulnerability Database".

186 views14:15

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-37830 ‼

A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.

📖 Read

via "National Vulnerability Database".

194 views14:15

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-39703 ‼

A cross site scripting (XSS) vulnerability in the Markdown Editor component of Typora v1.6.7 allows attackers to execute arbitrary code via uploading a crafted Markdown file.

📖 Read

via "National Vulnerability Database".

221 views14:15

About

Blog

Apps

Platform