βΌ CVE-2023-25480 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid Γ’β¬β Visual Drag and Drop Editor plugin <=Γ 1.24.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27615 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Dipak C. Gajjar WP Super Minify plugin <=Γ 1.5.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28791 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <=Γ 2.3.4 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41654 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authLdap plugin <=Γ 2.5.8 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41801 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin <=Γ 4.3 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29235 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Fugu Maintenance Switch plugin <=Γ 1.5.2 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44146 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Checkfront Inc. Checkfront Online Booking System plugin <=Γ 3.6 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41650 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Remove/hide Author, Date, Category Like Entry-Meta plugin <=Γ 2.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40607 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin <=Γ 1.10.0 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43810 βΌ
π Read
via "National Vulnerability Database".
OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, logs. Autoinstrumentation out of the box adds the label `http_method` that has unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. HTTP method for requests can be easily set by an attacker to be random and long. In order to be affected program has to be instrumented for HTTP handlers and does not filter any unknown HTTP methods on the level of CDN, LB, previous middleware, etc. This issue has been patched in version 0.41b0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41659 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Jules Colle, BDWM Responsive Gallery Grid plugin <=Γ 2.3.10 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43058 βΌ
π Read
via "National Vulnerability Database".
IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41732 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Blocks plugin <=Γ 1.0.20 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41950 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Laposta - Roel Bousardt Laposta Signup Basic plugin <=Γ 1.4.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38703 βΌ
π Read
via "National Vulnerability Database".
PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not synchronized with its lower level transport that may introduce use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media transport other than UDP. This vulnerabilityΓ’β¬β’s impact may range from unexpected application termination to control flow hijack/memory corruption. The patch is available as a commit in the master branch.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42445 βΌ
π Read
via "National Vulnerability Database".
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files it generated or were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle. In Gradle 7.6.3 and 8.4, resolving XML external entities has been disabled for all use cases to protect against this vulnerability. Gradle will now refuse to parse XML files that have XML external entities.π Read
via "National Vulnerability Database".
βΌ CVE-2023-35897 βΌ
π Read
via "National Vulnerability Database".
IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246.π Read
via "National Vulnerability Database".
π΄ Suspected Crime Gang Hacks Israeli President's Telegram Account π΄
π Read
via "Dark Reading".
The encrypted messaging app was hacked in the wake of an online scam before access was "swiftly restored."π Read
via "Dark Reading".
Dark Reading
Suspected Crime Gang Hacks Israeli President's Telegram Account
The encrypted messaging app was hacked in the wake of an online scam before access was "swiftly restored."
π΄ 23andMe Cyberbreach Exposes DNA Data, Potential Family Ties π΄
π Read
via "Dark Reading".
The information leaked in the breach involves personally identifiable information as well as genetic ancestry data, potential relatives, and geolocations.π Read
via "Dark Reading".
Dark Reading
23andMe Cyberbreach Exposes DNA Data, Potential Family Ties
The information leaked in the breach involves personally identifiable information as well as genetic ancestry data, potential relatives, and geolocations.
βΌ CVE-2023-44243 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Dylan Blokhuis Instant CSS plugin <=Γ 1.2.1 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23370 βΌ
π Read
via "National Vulnerability Database".
An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors.We have already fixed the vulnerability in the following version:QVPN Windows 2.1.0.0518 and laterπ Read
via "National Vulnerability Database".