βΌ CVE-2023-38456 βΌ
π Read
via "National Vulnerability Database".
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privilegesπ Read
via "National Vulnerability Database".
βΌ CVE-2023-38457 βΌ
π Read
via "National Vulnerability Database".
In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privilegesπ Read
via "National Vulnerability Database".
βΌ CVE-2023-38461 βΌ
π Read
via "National Vulnerability Database".
In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privilegesπ Read
via "National Vulnerability Database".
βΌ CVE-2023-38443 βΌ
π Read
via "National Vulnerability Database".
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privilegesπ Read
via "National Vulnerability Database".
βΌ CVE-2023-38462 βΌ
π Read
via "National Vulnerability Database".
In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privilegesπ Read
via "National Vulnerability Database".
βΌ CVE-2023-38455 βΌ
π Read
via "National Vulnerability Database".
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privilegesπ Read
via "National Vulnerability Database".
βΌ CVE-2023-4745 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230822. It has been rated as critical. Affected by this issue is some unknown functionality of the file /importexport.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-238634 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
π΄ Facing Third-Party Threats With Non-Employee Risk Management π΄
π Read
via "Dark Reading".
As businesses continue to grapple with third-party threats, a revamped approach to non-employee risk management can help limit their potential exposure. π Read
via "Dark Reading".
Dark Reading
Facing Third-Party Threats With Non-Employee Risk Management
As businesses continue to grapple with third-party threats, a revamped approach to non-employee risk management can help limit their potential exposure.
π’ VMware Aria: CISA warns customers to immediately patch products π’
π Read
via "ITPro".
The disclosure marks the third critical vulnerability in as many months for VMware π Read
via "ITPro".
ITPro
VMware Aria: CISA warns customers to immediately patch products
The disclosure marks the third critical vulnerability in as many months for VMware
βΌ CVE-2023-39988 βΌ
π Read
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ???(std.Cloud) WxSync plugin <=Γ 2.7.23 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36382 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeffrey-WP Media Library Categories plugin <=Γ 2.0.0 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39164 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Molongui Author Box for Authors, Co-Authors, Multiple Authors and Guest Authors Γ’β¬β Molongui plugin <=Γ 4.6.19 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31220 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP-EXPERTS.IN TEAM WP Categories Widget plugin <=Γ 2.2 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39162 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XLPlugins User Email Verification for WooCommerce plugin <=Γ 3.5.0 versions.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-25465 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy wp tell a friend popup form plugin <=Γ 7.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39918 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SAASPROJECT Booking Package Booking Package plugin <=Γ 1.6.01 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4614 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/installation/setThumbnailRc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40206 βΌ
π Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in hwk-fr WP 404 Auto Redirect to Similar Post plugin <=Γ 1.0.3 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39992 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita plugin <=Γ 4.3.2 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40208 βΌ
π Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aleksandar UroΓ
Β‘evi? Stock Ticker plugin <=Γ 3.23.3 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4616 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/thumbnail endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the current user.π Read
via "National Vulnerability Database".