‼ CVE-2020-36767 ‼
📖 Read
via "National Vulnerability Database".
tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages, and other input data.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41891 ‼
📖 Read
via "National Vulnerability Database".
FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacker needs to have access to the FlyteAdmin installation, typically either behind a VPN or authentication. Version 1.1.124 contains a patch for this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21394 ‼
📖 Read
via "National Vulnerability Database".
In Telecomm, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
🕴 Google Dynamic Search Ads Abused to Unleash Malware 'Deluge' 🕴
📖 Read
via "Dark Reading".
An advanced feature of Google targeted ads can allow a rarely precedented flood of malware infections, rendering machines completely useless.📖 Read
via "Dark Reading".
Dark Reading
Google Dynamic Search Ads Abused to Unleash Malware 'Deluge'
An advanced feature of Google targeted ads can allow a rarely precedented flood of malware infections, rendering machines completely useless.
‼ CVE-2023-45804 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** User requested a CVE number by mistake📖 Read
via "National Vulnerability Database".
‼ CVE-2023-45670 ‼
📖 Read
via "National Vulnerability Database".
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the `config/save` and `config/set` endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the Frigate server (e.g. via "drive-by" attack). Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. This issue can lead to arbitrary configuration updates for the Frigate server, resulting in denial of service and possible data exfiltration. Version 0.13.0 Beta 3 contains a patch.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-46502 ‼
📖 Read
via "National Vulnerability Database".
An issue in OpenCRX v.5.2.2 allows a remote attacker to execute arbitrary code via a crafted request.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-42323 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Request Forgery (CSRF) vulnerability in DouHaocms v.3.3 allows a remote attacker to execute arbitrary code via the adminAction.class.php file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-45672 ‼
📖 Read
via "National Vulnerability Database".
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at `/config` or through a direct call to `/api/config/save`. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. Input is initially accepted through `http.py`. The user-provided input is then parsed and loaded by `load_config_with_no_duplicates`. However, `load_config_with_no_duplicates` does not sanitize this input by merit of using `yaml.loader.Loader` which can instantiate custom constructors. A provided payload will be executed directly at `frigate/util/builtin.py:110`. This issue may lead to pre-authenticated Remote Code Execution. Version 0.13.0 Beta 3 contains a patch.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-45671 ‼
📖 Read
via "National Vulnerability Database".
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/<camera_name>` base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. As the reflected values included in the URL are not sanitized or escaped, this permits execution arbitrary Javascript payloads. Version 0.13.0 Beta 3 contains a patch for this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43797 ‼
📖 Read
via "National Vulnerability Database".
BigBlueButton is an open-source virtual classroom. Prior to versions 2.6.11 and 2.7.0-beta.3, Guest Lobby was vulnerable to cross-site scripting when users wait to enter the meeting due to inserting unsanitized messages to the element using unsafe innerHTML. Text sanitizing was added for lobby messages starting in versions 2.6.11 and 2.7.0-beta.3. There are no known workarounds.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-39172 ‼
📖 Read
via "National Vulnerability Database".
A stored XSS in the process overview (bersicht zugewiesener Vorgaenge) in mbsupport openVIVA c2 20220101 allows a remote, authenticated, low-privileged attacker to execute arbitrary code in the victim's browser via name field of a process.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-45956 ‼
📖 Read
via "National Vulnerability Database".
An issue discovered in Govee LED Strip v3.00.42 allows attackers to cause a denial of service via crafted Move and MoveWithOnoff commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-46478 ‼
📖 Read
via "National Vulnerability Database".
An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customer_data parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44397 ‼
📖 Read
via "National Vulnerability Database".
CloudExplorer Lite is an open source, lightweight cloud management platform. Prior to version 1.4.1, the gateway filter of CloudExplorer Lite uses a controller with path starting with `matching/API/`, which can cause a permission bypass. Version 1.4.1 contains a patch for this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43798 ‼
📖 Read
via "National Vulnerability Database".
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to versions 2.6.12 and 2.7.0-rc.1 is vulnerable to Server-Side Request Forgery (SSRF). This issue is a bypass of CVE-2023-33176. A patch in versions 2.6.12 and 2.7.0-rc.1 disabled follow redirect at `httpclient.execute` since the software no longer has to follow it when using `finalUrl`. There are no known workarounds. We recommend upgrading to a patched version of BigBlueButton.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-46451 ‼
📖 Read
via "National Vulnerability Database".
Best Courier Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the change username field.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5412 ‼
📖 Read
via "National Vulnerability Database".
The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5431 ‼
📖 Read
via "National Vulnerability Database".
The Left right image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5438 ‼
📖 Read
via "National Vulnerability Database".
The wp image slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-5428 ‼
📖 Read
via "National Vulnerability Database".
The Image vertical reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.📖 Read
via "National Vulnerability Database".