πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25.8K subscribers
89.2K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25.8K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-36382 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeffrey-WP Media Library Categories plugin <=Γ‚ 2.0.0 versions.

πŸ“– Read

via "National Vulnerability Database".
268 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39164 β€Ό

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Molongui Author Box for Authors, Co-Authors, Multiple Authors and Guest Authors Γ’β‚¬β€œ Molongui plugin <=Γ‚ 4.6.19 versions.

πŸ“– Read

via "National Vulnerability Database".
235 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-31220 β€Ό

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP-EXPERTS.IN TEAM WP Categories Widget plugin <=Γ‚ 2.2 versions.

πŸ“– Read

via "National Vulnerability Database".
212 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39162 β€Ό

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XLPlugins User Email Verification for WooCommerce plugin <=Γ‚ 3.5.0 versions.

πŸ“– Read

via "National Vulnerability Database".
πŸ‘1
187 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-25465 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy wp tell a friend popup form plugin <=Γ‚ 7.1 versions.

πŸ“– Read

via "National Vulnerability Database".
171 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39918 β€Ό

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SAASPROJECT Booking Package Booking Package plugin <=Γ‚ 1.6.01 versions.

πŸ“– Read

via "National Vulnerability Database".
169 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-4614 β€Ό

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/installation/setThumbnailRc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user.

πŸ“– Read

via "National Vulnerability Database".
168 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-40206 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in hwk-fr WP 404 Auto Redirect to Similar Post plugin <=Γ‚ 1.0.3 versions.

πŸ“– Read

via "National Vulnerability Database".
168 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39992 β€Ό

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita plugin <=Γ‚ 4.3.2 versions.

πŸ“– Read

via "National Vulnerability Database".
171 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-40208 β€Ό

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aleksandar UroΓ…Β‘evi? Stock Ticker plugin <=Γ‚ 3.23.3 versions.

πŸ“– Read

via "National Vulnerability Database".
169 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-4616 β€Ό

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/thumbnail endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the current user.

πŸ“– Read

via "National Vulnerability Database".
179 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39919 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in maennchen1.De wpShopGermany Γ’β‚¬β€œ Protected Shops plugin <=Γ‚ 2.0 versions.

πŸ“– Read

via "National Vulnerability Database".
174 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-30494 β€Ό

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRecycle ImageRecycle pdf & image compression plugin <=Γ‚ 3.1.10 versions.

πŸ“– Read

via "National Vulnerability Database".
188 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39987 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay Lulia wSecure Lite plugin <=Γ‚ 2.5 versions.

πŸ“– Read

via "National Vulnerability Database".
206 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-39991 β€Ό

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blindside Networks BigBlueButton plugin <=Γ‚ 3.0.0-beta.4 versions.

πŸ“– Read

via "National Vulnerability Database".
240 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-37393 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Atarim Visual Website Collaboration, Feedback & Project Management Γ’β‚¬β€œ Atarim plugin <=Γ‚ 3.9.3 versions.

πŸ“– Read

via "National Vulnerability Database".
266 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-4615 β€Ό

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/download/updateFile endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the current user.

πŸ“– Read

via "National Vulnerability Database".
296 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
πŸ•΄ Realism Reigns on AI at Black Hat and DEF CON πŸ•΄

Realistic expectations and caution began to replace wonder and confusion for generative AI at the recent security industry gatherings.

πŸ“– Read

via "Dark Reading".
Dark Reading
Realism Reigns on AI at Black Hat and DEF CON
Realistic expectations and caution began to replace wonder and confusion for generative AI at the recent security industry gatherings.
278 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-4269 β€Ό

The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses.

πŸ“– Read

via "National Vulnerability Database".
253 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-40197 β€Ό

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Devaldi Ltd flowpaper plugin <=Γ‚ 1.9.9 versions.

πŸ“– Read

via "National Vulnerability Database".
239 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-30485 β€Ό

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Solwin Infotech Responsive WordPress Slider Γ’β‚¬β€œ Avartan Slider Lite plugin <=Γ‚ 1.5.3 versions.

πŸ“– Read

via "National Vulnerability Database".
212 views