🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-25033 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social Share Boost plugin <= 4.5 versions.

via "National Vulnerability Database".
‼ CVE-2023-44770 ‼

A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias.

via "National Vulnerability Database".
‼ CVE-2023-44766 ‼

A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings.

via "National Vulnerability Database".
‼ CVE-2023-25480 ‼

Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.24.1 versions.

via "National Vulnerability Database".
‼ CVE-2023-27615 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Dipak C. Gajjar WP Super Minify plugin <= 1.5.1 versions.

via "National Vulnerability Database".
‼ CVE-2023-28791 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions.

via "National Vulnerability Database".
‼ CVE-2023-41654 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authLdap plugin <= 2.5.8 versions.

via "National Vulnerability Database".
‼ CVE-2023-41801 ‼

Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin <= 4.3 versions.

via "National Vulnerability Database".
‼ CVE-2023-29235 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Fugu Maintenance Switch plugin <= 1.5.2 versions.

via "National Vulnerability Database".
‼ CVE-2023-44146 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Checkfront Inc. Checkfront Online Booking System plugin <= 3.6 versions.

via "National Vulnerability Database".
‼ CVE-2023-41650 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Remove/hide Author, Date, Category Like Entry-Meta plugin <= 2.1 versions.

via "National Vulnerability Database".
‼ CVE-2023-40607 ‼

Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin <= 1.10.0 versions.

via "National Vulnerability Database".
‼ CVE-2023-43810 ‼

OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, and logs. Autoinstrumentation out of the box adds the label `http_method`, which has unbounded cardinality. This can lead to memory exhaustion on the server when many malicious requests are sent, because the HTTP method of a request can easily be set by an attacker to a random, long string. To be affected, a program has to be instrumented for HTTP handlers and must not filter unknown HTTP methods at the level of a CDN, load balancer, earlier middleware, etc. This issue has been patched in version 0.41b0.

via "National Vulnerability Database".
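Added example, not the OpenTelemetry project's own code: a Python sketch of the two mitigations the entry names, collapsing any unknown method into one fixed label before it becomes a metric attribute, and rejecting unknown methods at the edge before an instrumented handler sees them. The `KNOWN_METHODS` allowlist, the `_OTHER` label and the sample traffic are this example's own choices.

```python
from collections import Counter

# Allowlist for this example: RFC 9110 methods plus PATCH (RFC 5789).
KNOWN_METHODS = frozenset(
    {"GET", "HEAD", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "TRACE", "PATCH"}
)
OTHER_LABEL = "_OTHER"  # single bucket for everything not on the allowlist


def sanitize_method(method: str) -> str:
    """Bound the label space: any unknown method collapses into OTHER_LABEL."""
    normalized = method.strip().upper()
    return normalized if normalized in KNOWN_METHODS else OTHER_LABEL


def should_reject(method: str) -> bool:
    """Edge-filter variant (CDN / load balancer / first middleware): answer
    unknown methods with 405 before any instrumented handler records a label."""
    return method.strip().upper() not in KNOWN_METHODS


class MethodCounter:
    """Minimal stand-in for a request counter keyed by the http_method label."""

    def __init__(self, bounded: bool) -> None:
        self.bounded = bounded
        self.series = Counter()  # one entry per distinct label value

    def record(self, method: str) -> None:
        label = sanitize_method(method) if self.bounded else method
        self.series[label] += 1

    def cardinality(self) -> int:
        return len(self.series)


def label_cardinality(methods, bounded: bool) -> int:
    """Number of distinct time series produced by a stream of request methods."""
    counter = MethodCounter(bounded)
    for method in methods:
        counter.record(method)
    return counter.cardinality()


# Constructed traffic: a little normal traffic plus 1000 requests with junk method tokens.
SAMPLE_METHODS = ["GET", "POST", "get"] + [f"JUNKMETHOD{i:04d}" for i in range(1000)]

if __name__ == "__main__":
    print("unbounded series:", label_cardinality(SAMPLE_METHODS, bounded=False))
    print("bounded series:", label_cardinality(SAMPLE_METHODS, bounded=True))
```

The unbounded counter grows by one series per junk token, which is the memory growth the advisory describes; the bounded one never exceeds the allowlist size plus one.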
‼ CVE-2023-41659 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Jules Colle, BDWM Responsive Gallery Grid plugin <= 2.3.10 versions.

via "National Vulnerability Database".
‼ CVE-2023-43058 ‼

IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527.

via "National Vulnerability Database".
‼ CVE-2023-41732 ‼

Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Blocks plugin <= 1.0.20 versions.

via "National Vulnerability Database".
‼ CVE-2023-41950 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Laposta - Roel Bousardt Laposta Signup Basic plugin <= 1.4.1 versions.

via "National Vulnerability Database".
‼ CVE-2023-38703 ‼

PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not synchronized with its lower level transport, which may introduce a use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use an underlying media transport other than UDP. This vulnerability's impact may range from unexpected application termination to control flow hijack/memory corruption. The patch is available as a commit in the master branch.

via "National Vulnerability Database".
‼ CVE-2023-42445 ‼

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files it generated or that were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle. In Gradle 7.6.3 and 8.4, resolving XML external entities has been disabled for all use cases to protect against this vulnerability. Gradle will now refuse to parse XML files that have XML external entities.

via "National Vulnerability Database".
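Added example, not Gradle's own (Java) code: a Python pre-parse check in the spirit of the 7.6.3/8.4 fix, refusing any document that declares an external entity or an external DTD before it reaches a parser, so nothing is ever fetched. The POM fragments and the `attacker.invalid` URLs are constructed samples (`.invalid` is a reserved, unresolvable name).

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat


class ExternalEntityError(ValueError):
    """Raised when a document declares any external entity or external DTD."""


def reject_external_entities(xml_bytes: bytes) -> None:
    """Scan with expat and raise on the first declaration pointing outside the
    document. Rejection happens at declaration time, before any reference to
    the entity could be resolved, so no network or file access can occur."""
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id is not None or public_id is not None:
            raise ExternalEntityError(f"external DTD for <!DOCTYPE {name}>: {system_id or public_id}")

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None or public_id is not None:
            kind = "parameter" if is_param else "general"
            raise ExternalEntityError(f"external {kind} entity {name!r}: {system_id or public_id}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.Parse(xml_bytes, True)


def is_safe(xml_bytes: bytes) -> bool:
    try:
        reject_external_entities(xml_bytes)
        return True
    except ExternalEntityError:
        return False


def safe_parse(xml_bytes: bytes) -> ET.Element:
    """Refuse first, then parse: the order the fixed Gradle applies to Ivy/POM files."""
    reject_external_entities(xml_bytes)
    return ET.fromstring(xml_bytes)


# Constructed samples, not real build artifacts.
BENIGN_POM = b"""<?xml version="1.0"?>
<project><groupId>example</groupId><version>1.0</version></project>"""

EXTERNAL_ENTITY_POM = b"""<?xml version="1.0"?>
<!DOCTYPE project [ <!ENTITY % remote SYSTEM "http://attacker.invalid/oob.dtd"> ]>
<project><version>1.0</version></project>"""

EXTERNAL_DTD_POM = b"""<?xml version="1.0"?>
<!DOCTYPE project SYSTEM "http://attacker.invalid/project.dtd">
<project><version>1.0</version></project>"""
```

The check catches both shapes a remote descriptor can take: an inline external (parameter) entity declaration and an external DTD reference in the DOCTYPE itself.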
‼ CVE-2023-35897 ‼

IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246.

via "National Vulnerability Database".
🕴 Suspected Crime Gang Hacks Israeli President's Telegram Account 🕴

The encrypted messaging app was hacked in the wake of an online scam before access was "swiftly restored."

via "Dark Reading".