‼ CVE-2023-39646 ‼
via "National Vulnerability Database".
Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaShop. In the module “Theme Volty CMS Category Chain Slide” (tvcmscategorychainslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.
‼ CVE-2023-39649 ‼
via "National Vulnerability Database".
Improper neutralization of SQL parameter in Theme Volty CMS Category Slider module for PrestaShop. In the module “Theme Volty CMS Category Slider” (tvcmscategoryslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.
🦿 Quick Glossary: Cybersecurity Attacks 🦿
via "Tech Republic".
It doesn’t matter whether your organization is a huge multinational business enterprise or a one-person operation. At some point, your computer networks and systems will be attacked by someone with criminal intent. Cybersecurity attacks, in all their various forms, are inevitable and relentless. This quick glossary from TechRepublic Premium explains the terminology behind the most ...
‼ CVE-2023-44272 ‼
via "National Vulnerability Database".
A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user.
‼ CVE-2023-5375 ‼
via "National Vulnerability Database".
Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.
🦿 This Top-Rated Ad Blocker is Just $25 Through October 15th 🦿
via "Tech Republic".
AdGuard gets rid of ads and provides an extra layer of protection on multiple devices. Through October 15th only, it's just $25 for life.
TechRepublic
Get Advanced Ad Blocking and Superior Data Privacy Tools for Just $11
Block popups, banners and video ads while also protecting yourself from activity trackers, phishing attempts, fraudulent websites and other types of malware with AdGuard.
‼ CVE-2023-1584 ‼
via "National Vulnerability Database".
A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provider services. Please note that passwords are not stored in access tokens.
‼ CVE-2023-25788 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Saphali Saphali Woocommerce Lite plugin <= 1.8.13 versions.
‼ CVE-2023-4586 ‼
via "National Vulnerability Database".
A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.
‼ CVE-2023-37995 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions.
‼ CVE-2023-2809 ‼
via "National Vulnerability Database".
Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote execution of MS SQL commands and escalate privileges on Windows systems because the credentials are stored in plaintext.
‼ CVE-2023-25489 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Update Theme and Plugins from Zip File plugin <= 2.0.0 versions.
‼ CVE-2023-25980 ‼
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in CAGE Web Design | Rolf van Gelder Optimize Database after Deleting Revisions plugin <= 5.1 versions.
‼ CVE-2023-3512 ‼
via "National Vulnerability Database".
Relative path traversal vulnerability in Setelsa Security's ConacWin CB, in its 3.8.2.2 version and earlier, the exploitation of which could allow an attacker to perform an arbitrary download of files from the system via the "Download file" parameter.
‼ CVE-2023-2422 ‼
via "National Vulnerability Database".
A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to other clients.
‼ CVE-2023-5377 ‼
via "National Vulnerability Database".
Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.
‼ CVE-2023-4997 ‼
via "National Vulnerability Database".
Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0.33940) allows them to change passwords of all other users including administrators leading to a privilege escalation.
‼ CVE-2023-3701 ‼
via "National Vulnerability Database".
Aqua Drive, in its 2.4 version, is vulnerable to a relative path traversal vulnerability. By exploiting this vulnerability, an authenticated non privileged user could access/modify stored resources of other users. It could also be possible to access and modify the source and configuration files of the cloud disk platform, affecting the integrity and availability of the entire platform.
‼ CVE-2023-44208 ‼
via "National Vulnerability Database".
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713.
‼ CVE-2023-4497 ‼
via "National Vulnerability Database".
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Icon parameter. The XSS is loaded from /users.ghp.
‼ CVE-2023-3153 ‼
via "National Vulnerability Database".
A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.