CVE-2023-37830
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.
CVE-2023-39703
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the Markdown Editor component of Typora v1.6.7 allows attackers to execute arbitrary code via uploading a crafted Markdown file.
CVE-2023-37826
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fieldname parameter.
CVE-2023-37997
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dharmesh Patel Post List With Featured Image plugin <= 1.2 versions.
CVE-2023-37829
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notification.message parameter.
CVE-2023-39710
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Customer section.
CVE-2023-23763
via "National Vulnerability Database".
An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.10.0 and was fixed in versions 3.9.4, 3.8.9, 3.7.16 and 3.6.18. This vulnerability was reported via the GitHub Bug Bounty program.
Why is .US Being Used to Phish So Many of Us?
via "Krebs on Security".
Domain names ending in ".US" (the top-level domain for the United States) are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Also, .US domains are only supposed to be available to U.S. citizens and to those who can demonstrate that they have a physical presence in the United States.
NYC Subway Disables Trip-History Feature Over Tap-and-Go Privacy Concerns
via "Dark Reading".
The move by New York's Metropolitan Transit Authority (MTA) follows a report that showed how easy it is for someone to pull up another individual's seven-day ride history through the One Metro New York (OMNY) website.
Will the AI Arms Race Lead to the Pollution of the Internet?
via "Dark Reading".
Content creators want to protect their intellectual property from AI by poisoning data. Could this destroy the machine learning ecosystem?
Key Group Ransomware Foiled by New Decryptor
via "Dark Reading".
Researchers crack Key Group's ransomware encryption and release free tool for victim organizations to recover their data.
CVE-2023-36076
via "National Vulnerability Database".
SQL Injection vulnerability in smanga version 3.1.9 and earlier, allows remote attackers to execute arbitrary code and gain sensitive information via mediaId, mangaId, and userId parameters in php/history/add.php.
CVE-2023-36187
via "National Vulnerability Database".
Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd.
CVE-2023-36328
via "National Vulnerability Database".
Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS).
CVE-2023-28366
via "National Vulnerability Database".
The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function.
CVE-2023-4720
via "National Vulnerability Database".
Floating Point Comparison with Incorrect Operator in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-36327
via "National Vulnerability Database".
Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba42473d4d54daf24e295679e290e, allows attackers to execute arbitrary code and cause a denial of service in pos argument in bn_get_prime function.
CVE-2023-36088
via "National Vulnerability Database".
Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive information.
CVE-2023-36100
via "National Vulnerability Database".
An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain sensitive information via UserID parameter in api/User/ChangeUser.
CVE-2023-36326
via "National Vulnerability Database".
Integer Overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab, allows attackers to execute arbitrary code, cause a denial of service, and escalate privileges when calling realloc function in bn_grow function.
CVE-2023-40968
via "National Vulnerability Database".
Buffer Overflow vulnerability in hzeller timg v.1.5.2 and before allows a remote attacker to cause a denial of service via the 0x61200000045c address.