🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-5350

SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1.

📖 Read

via "National Vulnerability Database".
211 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-39159

Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud Prevention For Woocommerce plugin <= 2.1.5 versions.

📖 Read

via "National Vulnerability Database".
228 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-4103

QSige statistics are affected by a remote SQLi vulnerability. It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application.

📖 Read

via "National Vulnerability Database".
249 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-40198

Cross-Site Request Forgery (CSRF) vulnerability in Antsanchez Easy Cookie Law plugin <= 3.1 versions.

📖 Read

via "National Vulnerability Database".
274 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-4100

Allows an attacker to perform XSS attacks stored on certain resources. Exploiting this vulnerability can lead to a DoS condition, among other actions.

📖 Read

via "National Vulnerability Database".
274 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-32671

A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9. This vulnerability allows an attacker to store a malicious javascript payload via POST request when sending an invitation.

📖 Read

via "National Vulnerability Database".
👍1
299 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-4886

A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.

📖 Read

via "National Vulnerability Database".
274 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-32091

Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions.

📖 Read

via "National Vulnerability Database".
288 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-40558

Cross-Site Request Forgery (CSRF) vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin <= 3.3.5 versions.

📖 Read

via "National Vulnerability Database".
272 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-2544

Authorization bypass vulnerability in UPV PEIX, affecting the component "pdf_curri_new.php". Through a POST request, an authenticated user could change the ID parameter to retrieve all the stored information of other registered users.

📖 Read

via "National Vulnerability Database".
207 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-4884

An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of Authentication.

📖 Read

via "National Vulnerability Database".
203 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-4929

All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices.

📖 Read

via "National Vulnerability Database".
206 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-41244

Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images plugin <= 1.0.9 versions.

📖 Read

via "National Vulnerability Database".
192 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-27435

Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin <= 0.3.2 versions.

📖 Read

via "National Vulnerability Database".
181 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-4883

Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operation of the service by sending a specially crafted json string to the VNF (Virtual Network Function), and triggering the ogs_sbi_message_free function, which could cause a service outage.

📖 Read

via "National Vulnerability Database".
182 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-4885

Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network Function) communications resulting in the exposure of sensitive information.

📖 Read

via "National Vulnerability Database".
207 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-39158

Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Banner Management For WooCommerce plugin <= 2.4.2 versions.

📖 Read

via "National Vulnerability Database".
246 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-3350

A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By firstly downloading the log file, an attacker could retrieve the SQL query sent to the application in plaint text. This log file contains the password hashes coded with AES-CBC-128 bits algorithm, which can be decrypted with a .NET function, obtaining the username's password in plain text.

📖 Read

via "National Vulnerability Database".
375 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-0506

The web service of ByDemes Group Airspace CCTV Web Service in its 2.616.BY00.11 version, contains a privilege escalation vulnerability, detected in the Camera Control Panel, whose exploitation could allow a low-privileged attacker to gain administrator access.

📖 Read

via "National Vulnerability Database".
347 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-4882

DOS vulnerability that could allow an attacker to register a new VNF (Virtual Network Function) value. This action could trigger the args_assets() function defined in the arg-log.php file, which would then execute the args-abort.c file, causing the service to crash.

📖 Read

via "National Vulnerability Database".
350 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-43976

An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to escalate privileges and winning the race condition (TOCTOU) via the PrivilegedHelperTool component.

📖 Read

via "National Vulnerability Database".
👏1
311 views