πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
@cibsecurity
25K subscribers
88.4K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
25K subscribers
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-38407 β€Ό

bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.

πŸ“– Read

via "National Vulnerability Database".
214 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-47420 β€Ό

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.11.

πŸ“– Read

via "National Vulnerability Database".
215 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-45055 β€Ό

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InspireUI MStore API allows SQL Injection.This issue affects MStore API: from n/a through 4.0.6.

πŸ“– Read

via "National Vulnerability Database".
206 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-4699 β€Ό

Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the products to factory default state and cause denial-of-service (DoS) condition on the products by sending specific packets.

πŸ“– Read

via "National Vulnerability Database".
245 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-46822 β€Ό

Unauth. Reflected Cross-Site Scripting') vulnerability in Visser Labs Store Exporter for WooCommerce Γ’β‚¬β€œ Export Products, Export Orders, Export Subscriptions, and More plugin <=Γ‚ 2.7.2 versions.

πŸ“– Read

via "National Vulnerability Database".
225 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2022-46849 β€Ό

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar Coming Soon Page Γ’β‚¬β€œ Responsive Coming Soon & Maintenance Mode allows SQL Injection.This issue affects Coming Soon Page Γ’β‚¬β€œ Responsive Coming Soon & Maintenance Mode: from n/a through 1.5.9.

πŸ“– Read

via "National Vulnerability Database".
236 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-38382 β€Ό

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel Sâderstrâm / Sidney van de Stouwe Subscribe to Category allows SQL Injection.This issue affects Subscribe to Category: from n/a through 2.7.4.

πŸ“– Read

via "National Vulnerability Database".
252 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-40609 β€Ό

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aiyaz, maheshpatel Contact form 7 Custom validation allows SQL Injection.This issue affects Contact form 7 Custom validation: from n/a through 1.1.3.

πŸ“– Read

via "National Vulnerability Database".
267 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-47184 β€Ό

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Proper Fraction LLC. Admin Bar & Dashboard Access Control plugin <=Γ‚ 1.2.8 versions.

πŸ“– Read

via "National Vulnerability Database".
296 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
🦿 Security Incident Response Policy 🦿

The Security Incident Response Policy from TechRepublic Premium describes the organization’s process for minimizing and mitigating the results of an information technology security-related incident. The policy’s purpose is to define for employees, IT department staff and users the process to be followed when experiencing a suspected IT-security incident. From the policy: The following, while not ...

πŸ“– Read

via "Tech Republic".
TechRepublic
Security Incident Response Policy
The Security Incident Response Policy from TechRepublic Premium describes the organization’s process for minimizing and mitigating the results of an
334 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-46777 β€Ό

Cross-Site Request Forgery (CSRF) vulnerability in Custom Login Page | Temporary Users | Rebrand Login | Login Captcha plugin <=Γ‚ 1.1.3 versions.

πŸ“– Read

via "National Vulnerability Database".
300 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-46780 β€Ό

Cross-Site Request Forgery (CSRF) vulnerability in Alter plugin <=Γ‚ 1.0 versions.

πŸ“– Read

via "National Vulnerability Database".
302 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-5831 β€Ό

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors.

πŸ“– Read

via "National Vulnerability Database".
311 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-47185 β€Ό

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team Comments Ò€” wpDiscuz plugin <=Γ‚ 7.6.11 versions.

πŸ“– Read

via "National Vulnerability Database".
267 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-46779 β€Ό

Cross-Site Request Forgery (CSRF) vulnerability in EasyRecipe plugin <=Γ‚ 3.5.3251 versions.

πŸ“– Read

via "National Vulnerability Database".
241 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-46781 β€Ό

Cross-Site Request Forgery (CSRF) vulnerability in Roland Murg Current Menu Item for Custom Post Types plugin <=Γ‚ 1.5 versions.

πŸ“– Read

via "National Vulnerability Database".
206 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-4996 β€Ό

Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service.Γ‚ 

πŸ“– Read

via "National Vulnerability Database".
233 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-5090 β€Ό

A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition.

πŸ“– Read

via "National Vulnerability Database".
249 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-46775 β€Ό

Cross-Site Request Forgery (CSRF) vulnerability in Djo Original texts Yandex WebMaster plugin <=Γ‚ 1.18 versions.

πŸ“– Read

via "National Vulnerability Database".
243 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-5823 β€Ό

Cross-Site Request Forgery (CSRF) vulnerability in ThemeKraft TK Google Fonts GDPR Compliant plugin <=Γ‚ 2.2.11 versions.

πŸ“– Read

via "National Vulnerability Database".
240 views
πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
β€Ό CVE-2023-46778 β€Ό

Cross-Site Request Forgery (CSRF) vulnerability in TheFreeWindows Auto Limit Posts Reloaded plugin <=Γ‚ 2.5 versions.

πŸ“– Read

via "National Vulnerability Database".
236 views