🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-4098

It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application.

📖 Read

via "National Vulnerability Database".
176 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-32792

Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to eliminate roles within the platform by sending a specifically crafted query to the server. The vulnerability is based on the absence of proper validation of the origin of incoming requests.

📖 Read

via "National Vulnerability Database".
200 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-40210

Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoise IT) SB Child List plugin <= 4.5 versions.

📖 Read

via "National Vulnerability Database".
196 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-40202

Cross-Site Request Forgery (CSRF) vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin <= 3.4.1 versions.

📖 Read

via "National Vulnerability Database".
191 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-5353

Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1.

📖 Read

via "National Vulnerability Database".
190 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-40212

Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Product Attachment for WooCommerce plugin <= 2.1.8 versions.

📖 Read

via "National Vulnerability Database".
161 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-4101

The QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application.

📖 Read

via "National Vulnerability Database".
163 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-4102

QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application.

📖 Read

via "National Vulnerability Database".
170 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-5350

SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1.

📖 Read

via "National Vulnerability Database".
211 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-39159

Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud Prevention For Woocommerce plugin <= 2.1.5 versions.

📖 Read

via "National Vulnerability Database".
228 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-4103

QSige statistics are affected by a remote SQLi vulnerability. It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application.

📖 Read

via "National Vulnerability Database".
249 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-40198

Cross-Site Request Forgery (CSRF) vulnerability in Antsanchez Easy Cookie Law plugin <= 3.1 versions.

📖 Read

via "National Vulnerability Database".
274 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-4100

Allows an attacker to perform XSS attacks stored on certain resources. Exploiting this vulnerability can lead to a DoS condition, among other actions.

📖 Read

via "National Vulnerability Database".
274 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-32671

A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9. This vulnerability allows an attacker to store a malicious javascript payload via POST request when sending an invitation.

📖 Read

via "National Vulnerability Database".
👍1
299 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-4886

A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.

📖 Read

via "National Vulnerability Database".
274 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-32091

Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions.

📖 Read

via "National Vulnerability Database".
288 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-40558

Cross-Site Request Forgery (CSRF) vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin <= 3.3.5 versions.

📖 Read

via "National Vulnerability Database".
272 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-2544

Authorization bypass vulnerability in UPV PEIX, affecting the component "pdf_curri_new.php". Through a POST request, an authenticated user could change the ID parameter to retrieve all the stored information of other registered users.

📖 Read

via "National Vulnerability Database".
207 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-4884

An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of Authentication.

📖 Read

via "National Vulnerability Database".
203 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-4929

All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices.

📖 Read

via "National Vulnerability Database".
206 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-41244

Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images plugin <= 1.0.9 versions.

📖 Read

via "National Vulnerability Database".
192 views