🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-45374 ‼

An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams.

via "National Vulnerability Database".
‼ CVE-2023-39854 ‼

The web interface of ATX Ucrypt through 3.5 allows authenticated users (or attackers using default credentials for the admin, master, or user account) to include files via a URL in the /hydra/view/get_cc_url url parameter. There can be resultant SSRF.

via "National Vulnerability Database".
🦿 Upgrade to Microsoft Windows 11 Home for Just $30 Through 10/15 🦿

You can now upgrade up to five computers to Microsoft Windows 11 Home for one low price and get a new sleek interface, advanced tools and enhanced security.

via "Tech Republic".
‼ CVE-2023-44236 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Devnath verma WP Captcha plugin <= 2.0.0 versions.

via "National Vulnerability Database".
‼ CVE-2023-5331 ‼

Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information.

via "National Vulnerability Database".
‼ CVE-2023-44473 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus plugin <= 2302 versions.

via "National Vulnerability Database".
‼ CVE-2023-5330 ‼

Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data allowing an attacker to send a specially crafted request to the /api/v4/opengraph filling the cache and turning the server unavailable.

via "National Vulnerability Database".
‼ CVE-2023-45613 ‼

In JetBrains Ktor before 2.3.5, server certificates were not verified.

via "National Vulnerability Database".
‼ CVE-2023-5333 ‼

Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs.

via "National Vulnerability Database".
‼ CVE-2023-44238 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Joakim Ling Remove slug from custom post type plugin <= 1.0.3 versions.

via "National Vulnerability Database".
‼ CVE-2023-44240 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Peter Butler Timthumb Vulnerability Scanner plugin <= 1.54 versions.

via "National Vulnerability Database".
‼ CVE-2023-44237 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Moriyan Jay WP Site Protector plugin <= 2.0 versions.

via "National Vulnerability Database".
‼ CVE-2023-44993 ‼

Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.7.8 versions.

via "National Vulnerability Database".
‼ CVE-2023-45612 ‼

In JetBrains Ktor before 2.3.5, the default configuration of ContentNegotiation with XML format was vulnerable to XXE.

via "National Vulnerability Database".
‼ CVE-2023-44246 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Matias s Shockingly Simple Favicon plugin <= 1.8.2 versions.

via "National Vulnerability Database".
‼ CVE-2023-43700 ‼

Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that do not require authentication.

via "National Vulnerability Database".
‼ CVE-2023-43697 ‼

Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests.

via "National Vulnerability Database".
‼ CVE-2023-43698 ‼

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the client's browser via injecting code into the website.

via "National Vulnerability Database".
‼ CVE-2023-43696 ‼

Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server.

via "National Vulnerability Database".
‼ CVE-2023-5100 ‼

Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not encrypted.

via "National Vulnerability Database".
‼ CVE-2023-43699 ‼

Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not limited.

via "National Vulnerability Database".