‼️CVE-2023-50071‼️
📖 Read more
Via "National Vulnerability Database"
Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in customersupportajax.php?actionsavedepartment via id or name.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-52240‼️
📖 Read more
Via "National Vulnerability Database"
The Kantega SAML SSO OIDC Kerberos Single Signon apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 through 4.14.8 before 4.14.9, 5.0.0 through 5.11.4 before 5.11.5, and 6.0.0 through 6.19.0 before 6.20.0. The full product names are Kantega SAML SSO OIDC Kerberos Single Signon for Jira Data Center Server Kantega SSO Enterprise, Kantega SAML SSO OIDC Kerberos Single Signon for Confluence Data Center Server Kantega SSO Enterprise, Kantega SAML SSO OIDC Kerberos Single Signon for Bitbucket Data Center Server Kantega SSO Enterprise, Kantega SAML SSO OIDC Kerberos Single Signon for Bamboo Data Center Server Kantega SSO Enterprise, and Kantega SAML SSO OIDC Kerberos Single Signon for FeCru Server Kantega SSO Enterprise. Here, FeCru refers to the Atlassian Fisheye and Crucible products running together.📖 Read more
Via "National Vulnerability Database"
👍1
‼️CVE-2023-50559‼️
📖 Read more
Via "National Vulnerability Database"
An issue was discovered in XiangShan v2.1, allows local attackers to obtain sensitive information via the L1D cache.📖 Read more
Via "National Vulnerability Database"
Hi community! 🌟
We'd like to let you know that, due to technical changes in the source from which we retrieve CVEs, we can now only send CVEs once a day to this channel. We're thinking about creating a new channel just for CVEs, while keeping this space for sharing news (as usual).
What do you think? What would you prefer (your decision will be the one we go with)?
Sorry for any inconvenience. 🙏
Let's keep staying informed together! 🧑💻
We'd like to let you know that, due to technical changes in the source from which we retrieve CVEs, we can now only send CVEs once a day to this channel. We're thinking about creating a new channel just for CVEs, while keeping this space for sharing news (as usual).
What do you think? What would you prefer (your decision will be the one we go with)?
Sorry for any inconvenience. 🙏
Let's keep staying informed together! 🧑💻
👍7
What's your preference for our channels? 🤔
Anonymous Poll
40%
Keep CVEs and news together in this channel.
60%
Create a new channel exclusively for CVEs.
‼️CVE-2023-41542‼️
📖 Read more
Via "National Vulnerability Database"
SQL injection vulnerability in jeecgboot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreportqurestSql component.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-41543‼️
📖 Read more
Via "National Vulnerability Database"
SQL injection vulnerability in jeecgboot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component sysreplicatecheck.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2022-46486‼️
📖 Read more
Via "National Vulnerability Database"
A lack of pointervalidation logic in the sconedispatch component of SCONE before v5.8.0 for Intel SGX allows attackers to access sensitive information.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2022-46487‼️
📖 Read more
Via "National Vulnerability Database"
Improper initialization of x87 and SSE floatingpoint configuration registers in the sconeentry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floatingpoint operations in an enclave or access sensitive information via sidechannel analysis.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-38021‼️
📖 Read more
Via "National Vulnerability Database"
An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager CCM Platform before 3.32 for Intel SGX. Lack of pointeralignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclaveecall function and system call layer.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-38022‼️
📖 Read more
Via "National Vulnerability Database"
An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager CCM Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgxiswithinuser.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-38023‼️
📖 Read more
Via "National Vulnerability Database"
An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointeralignment logic in sconedispatch and other entry functions allows a local attacker to access unauthorized information, aka an "AEPIC Leak."📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-41544‼️
📖 Read more
Via "National Vulnerability Database"
SSTI injection vulnerability in jeecgboot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the jmreportloadTableData component.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-52252‼️
📖 Read more
Via "National Vulnerability Database"
Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded AccessControlAllowOrigin for the Remote upload endpoint.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-52257‼️
📖 Read more
Via "National Vulnerability Database"
LogoBee 0.2 allows updates.php?id XSS.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-7172‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Dashboard. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB249356.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2018-25096‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability was found in MdAlAminaol Own Health Record 0.1alpha0.2alpha0.3alpha0.3.1alpha. It has been rated as problematic. This issue affects some unknown processing of the file includeslogout.php. The manipulation leads to crosssite request forgery. The attack may be initiated remotely. Upgrading to version 0.4alpha is able to address this issue. The patch is named 58b413aa40820b49070782c786c526850ab7748f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB249191.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-7173‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file registration.php. The manipulation of the argument First Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB249357 was assigned to this vulnerability.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-7175‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability was found in Campcodes Online College Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file adminborrowadd.php of the component HTTP POST Request Handler. The manipulation of the argument student leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB249362 is the identifier assigned to this vulnerability.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-50550‼️
📖 Read more
Via "National Vulnerability Database"
layui up to v2.74 was discovered to contain a crosssite scripting XSS vulnerability via the datacontent parameter.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-50578‼️
📖 Read more
Via "National Vulnerability Database"
Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at contentlist.do.📖 Read more
Via "National Vulnerability Database"