βΌ CVE-2023-41681 βΌ
π Read
via "National Vulnerability Database".
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45109 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in ZAKSTAN WhitePage plugin <=Γ 1.1.5 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41843 βΌ
π Read
via "National Vulnerability Database".
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows attacker to execute unauthorized code or commands via crafted HTTP requests.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45391 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33303 βΌ
π Read
via "National Vulnerability Database".
A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows attacker to execute unauthorized code or commands via api requestπ Read
via "National Vulnerability Database".
βΌ CVE-2023-41836 βΌ
π Read
via "National Vulnerability Database".
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.4, and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.4 through 3.0.7 allows attacker to execute unauthorized code or commands via crafted HTTP requests.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45268 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Hitsteps Hitsteps Web Analytics plugin <=Γ 5.86 versions.π Read
via "National Vulnerability Database".
π΄ Gaza Conflict Paves Way for Pro-Hamas Information Operations π΄
π Read
via "Dark Reading".
Mandiant's John Hultquist says to expect anti-Israel influence and espionage campaigns to ramp up as the war grinds on.π Read
via "Dark Reading".
Dark Reading
Gaza Conflict Paves Way for Pro-Hamas Information Operations
Mandiant's John Hultquist says to expect anti-Israel influence and espionage campaigns to ramp up as the war grinds on.
π΄ Microsoft Debuts AI Bug-Bounty Program, Offers $15K π΄
π Read
via "Dark Reading".
The goal of the program is to uncover critical or important vulnerabilities within the AI-powered Bing program.π Read
via "Dark Reading".
Dark Reading
Microsoft Debuts AI Bug-Bounty Program, Offers $15K
The goal of the program is to uncover critical or important vulnerabilities within the AI-powered Bing program.
π΄ ShellBot Cracks Linux SSH Servers, Debuts New Evasion Tactic π΄
π Read
via "Dark Reading".
The botnet β built for DDoS, backdooring, and dropping malware β is evading standard URL signature detections with a novel approach.π Read
via "Dark Reading".
Dark Reading
ShellBot Cracks Linux SSH Servers, Debuts New Evasion Tactic
The botnet β built for DDoS, backdooring, and dropping malware β is evading standard URL signature detections with a novel approach involving Hex IP addresses.
βΌ CVE-2023-5449 βΌ
π Read
via "National Vulnerability Database".
A potential security vulnerability has been identified in certain HP Displays supporting the Theft Deterrence feature which may allow a monitorΓ’β¬β’s Theft Deterrence to be deactivated.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4499 βΌ
π Read
via "National Vulnerability Database".
A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. HP is releasing mitigation for the potential vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45269 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <=Γ 2.0.23 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40682 βΌ
π Read
via "National Vulnerability Database".
IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45270 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <=Γ 2.9.9.4.0 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5409 βΌ
π Read
via "National Vulnerability Database".
HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. These models may be susceptible to a physical attack, allowing an untrusted source to tamper with the system firmware using a publicly disclosed private key. HP is providing recommended guidance for customers to reduce exposure to the potential vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-45276 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in automatededitor.Com Automated Editor plugin <=Γ 1.3 versions.π Read
via "National Vulnerability Database".
π΄ Security Pros Warn that EU's Vulnerability Disclosure Rule is Risky π΄
π Read
via "Dark Reading".
The European Union's Cyber Resilience Act's requirement to disclose vulnerabilities within 24 hours of exploitation could potentially expose organizations to attacks from adversaries or government surveillance.π Read
via "Dark Reading".
Dark Reading
Security Pros Warn That EU's Vulnerability Disclosure Rule Is Risky
The European Union's Cyber Resilience Act's requirement to disclose vulnerabilities within 24 hours of exploitation could potentially expose organizations to attacks from adversaries or government surveillance.
π΄ Feds: Beware AvosLocker Ransomware Attacks on Critical Infrastructure π΄
π Read
via "Dark Reading".
CISA and FBI warn the RaaS provider's affiliates are striking critical industries, with more attacks expected to come from additional ransomware groups in the months ahead.π Read
via "Dark Reading".
Dark Reading
Feds: Beware AvosLocker Ransomware Attacks on Critical Infrastructure
CISA and FBI warn the RaaS provider's affiliates are striking critical industries, with more attacks expected to come from additional ransomware groups in the months ahead.
π΄ How MOVEit Is Likely to Shift Cyber Insurance Calculus π΄
π Read
via "Dark Reading".
Progress Software plans to collect millions in cyber insurance policy payouts after the MOVEit breaches, which will make getting coverage more expensive and harder to get for everyone else, experts say.π Read
via "Dark Reading".
Dark Reading
How MOVEit Is Likely to Shift Cyber Insurance Calculus
Progress Software plans to collect millions in cyber insurance policy payouts after the MOVEit breaches, which will make getting coverage more expensive and harder to get for everyone else, experts say.
βΌ CVE-2023-4257 βΌ
π Read
via "National Vulnerability Database".
Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.π Read
via "National Vulnerability Database".