βΌ CVE-2023-45556 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5454 βΌ
π Read
via "National Vulnerability Database".
The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4930 βΌ
π Read
via "National Vulnerability Database".
The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.π Read
via "National Vulnerability Database".
βΌ CVE-2023-47004 βΌ
π Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5082 βΌ
π Read
via "National Vulnerability Database".
The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5181 βΌ
π Read
via "National Vulnerability Database".
The WP Discord Invite WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)π Read
via "National Vulnerability Database".
βΌ CVE-2023-5228 βΌ
π Read
via "National Vulnerability Database".
The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).π Read
via "National Vulnerability Database".
βΌ CVE-2023-5605 βΌ
π Read
via "National Vulnerability Database".
The URL Shortify WordPress plugin through 1.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)π Read
via "National Vulnerability Database".
βΌ CVE-2023-5352 βΌ
π Read
via "National Vulnerability Database".
The Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4810 βΌ
π Read
via "National Vulnerability Database".
The Responsive Pricing Table WordPress plugin before 5.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)π Read
via "National Vulnerability Database".
βΌ CVE-2023-5601 βΌ
π Read
via "National Vulnerability Database".
The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5771 βΌ
π Read
via "National Vulnerability Database".
Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages.Γ Γ This issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other prior versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5355 βΌ
π Read
via "National Vulnerability Database".
The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server.π Read
via "National Vulnerability Database".
π΄ Steps to Follow to Comply With the SEC Cybersecurity Disclosure Rule π΄
π Read
via "Dark Reading".
Mandiant/Google Cloudβs Jill C. Tyson offers up timelines, checklists, and other guidance around enterprise-wide readiness to ensure compliance with the new rule.π Read
via "Dark Reading".
Dark Reading
Steps to Follow to Comply With the SEC Cybersecurity Disclosure Rule
Mandiant/Google Cloud's Jill C. Tyson offers up timelines, checklists, and other guidance around enterprisewide readiness to ensure compliance with the new rule.
π¦Ώ VMware Explore Barcelona 2023: Enhanced Private AI and Sovereign Cloud Services Announced π¦Ώ
π Read
via "Tech Republic".
VMware's Private AI platform will include interoperability with Intel, IBM's watsonx and Kyndryl. π Read
via "Tech Republic".
TechRepublic
VMware Explore Barcelona 2023: Enhanced Private AI and Sovereign Cloud Services Announced
VMware's Private AI platform will include interoperability with Intel, IBM's watsonx and Kyndryl.
π¦Ώ IT Pros in Australian Crypto Need to Brace for Regulation π¦Ώ
π Read
via "Tech Republic".
The Australian government is moving towards regulating cryptocurrency, with a focus on those involved in developing and maintaining crypto platforms.π Read
via "Tech Republic".
TechRepublic
IT Pros in Australian Crypto Need to Brace for Regulation
Australia is moving towards regulating cryptocurrency, with a focus on those involved in developing and maintaining crypto platforms.
π΄ Identity Alone Won't Save Us: The TSA Paradigm and MGM's Hack π΄
π Read
via "Dark Reading".
To combat sophisticated threats, we need to improve how we approach authorization and access controls.π Read
via "Dark Reading".
Darkreading
Identity Alone Won't Save Us: The TSA Paradigm and MGM's Hack
To combat sophisticated threats, we need to improve how we approach authorization and access controls.
π΄ Atlassian Bug Escalated to 10, All Unpatched Instances Vulnerable π΄
π Read
via "Dark Reading".
Active ransomware attacks against vulnerable Atlassian Confluence Data Center and Servers ratchets up risk to enterprises, now reflected in the bug's revised CVSS score of 10. π Read
via "Dark Reading".
Dark Reading
Atlassian Bug Escalated to 10, All Unpatched Instances Vulnerable
Active ransomware attacks against vulnerable Atlassian Confluence Data Center and Servers ratchets up risk to enterprises, now reflected in the bug's revised CVSS score of 10.
β€1π1
π¦Ώ Speedify Review 2023: Features, Security & Performance π¦Ώ
π Read
via "Tech Republic".
Speedify VPN offers speed-centered features that may not make up for its lack of security and pricey plan. Find out how this VPN measured up in our review.π Read
via "Tech Republic".
TechRepublic
Speedify VPN Review 2025: Features, Security, and Performance
Read our Speedify VPN review to explore its features, security, and performance. Find out if it's the right choice for your needs.
π΄ North Korea's BlueNoroff APT Debuts 'Dumbed Down' macOS Malware π΄
π Read
via "Dark Reading".
Kim Jong-Un's hackers are scraping the bottom of the barrel, using script kiddie-grade malware to steal devalued digital assets.π Read
via "Dark Reading".
Dark Reading
North Korea's BlueNoroff APT Debuts 'Dumbed Down' macOS Malware
Kim Jong-Un's hackers are scraping the bottom of the barrel, using script kiddie-grade malware to steal devalued digital assets.
π¦Ώ hide.me VPN Review 2023: Features, Pricing, and More π¦Ώ
π Read
via "Tech Republic".
hide.me VPN is a secure and customizable solution. Read this comprehensive review to learn about its features, performance, pricing, and more.π Read
via "Tech Republic".
TechRepublic
hide.me VPN Review (2025): Features, Pricing, and Security
Discover the latest on hide.me VPN in 2025. Explore its features, security, and speed to decide if itβs the right choice for your needs.