7703 matches found
CVE-2023-43381
CVE-2023-43381 is a SQL injection vulnerability affecting Tianchoy Blog v1.8.8. The flaw allows a remote attacker to obtain sensitive information via the id parameter in login.php, due to improper handling of user-supplied input. Multiple connected sources corroborate the existence of the issue a...
Mixin Network Halts Services After $200M Crypto Hack
By Deeba Ahmed Another day, another crypto hack making cybercriminals multi-millionaires in no time, while leaving unsuspecting crypto investors without funds.… This is a post from HackRead.com Read the original post: Mixin Network Halts Services After $200M Crypto Hack...
U.S. Dept Of Defense: Information Disclosure FrontPage Configuration Information
An information disclosure vulnerability was discovered in the Microsoft FrontPage configuration of a subdomain. This vulnerability allowed an attacker to view the version number and scripting paths of Sharepoint using Firefox...
Introducing Easy API Security Deployment
...
Exploit for Out-of-bounds Write in Google Chrome
CVE-2023-4863/CVE-2023-41064 A POC for CVE-2023-48...
Chinese Spies Infected Dozens of Networks With Thumb Drive Malware
Security researchers found USB-based Sogu espionage malware spreading within African operations of European and US firms...
Weaver Xtreme Theme Support < 6.3.1 - Admin+ PHP Object Injection
Description: The plugin unserialises the content of an imported file, which could lead to PHP object injection issues when a high-privilege user imports a malicious file and a suitable gadget chain is present on the blog. PoC: To simulate a gadget chain, put the following code in a plugin: class Te...
Unsung Hero in Cyber Risk Management
Behind the scenes of the world of vulnerability intelligence and threat hunting...
galatea.blog.bg Cross Site Scripting vulnerability OBB-3694345
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Akamai’s Perspective on September’s Patch Tuesday 2023
...
Choose Your Own Adventure — A Chat About the Future of Edge Computing
...
FileMage Gateway 1.10.9 Local File Inclusion
Exploit Title: FileMage Gateway 1.10.9 - Local File Inclusion
Date: 8/22/2023
Exploit Author: Bryce "Raindayzz" Harty
Vendor Homepage: https://www.filemage.io/
Version: Azure Versions 1.10.9
Tested on: All Azure deployments 1.10.9
CVE: CVE-2023-39026
Technical Blog -...
WordPress Wishful Blog Theme <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: Wishful Blog
Type: Theme
Vulnerable versions: <= 2.0.1
Fixed in: N/A
OWASP Top 10: A7: Cross-Site Scripting XSS
Classification: Cross Site Scripting XSS
CVE: CVE-2023-28621
Patch priority: Medium
CVSS severity: Medium 7.1
Developer: Claim ownership
PSID: aead8e265572
Credits: László Radnai
Required...
CVE-2023-4279
| creationtimestamp | type | source |
|---|---|---|
| 2023-09-04 16:16:26+00:00 | seen | https://t.me/cibsecurity/69784 |
| 2023-09-24 08:31:20+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/5193 |
| 2025-11-16 20:20:07+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3m5rjui7ivl2g... |
Cross site request forgery (csrf)
The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF checks in its page creation function, which allows unauthenticated users to create the plugin's register, log-in and edit-profile pages on the blog...
How to Use Proton Sentinel to Keep Your Accounts Safe
If you want the highest possible level of protection, this is it...
Apple's Decision to Kill Its CSAM Photo-Scanning Tool Sparks Fresh Controversy
Child safety group Heat Initiative plans to launch a campaign pressing Apple on child sexual abuse material scanning and user reporting. The company issued a rare, detailed response on Thursday...
Lichess: Unauthorized Blogs Creation
A vulnerability was identified on the lichess.org website that allowed unauthorized blog creation. By manipulating certain requests and leveraging the session cookies of a different account, an attacker could bypass account-specific limitations and create a blog post on an account that was not ye...
CVE-2023-4035 Simple Blog Card < 1.31 - Contributor+ Stored XSS via Shortcode
The Simple Blog Card WordPress plugin before 1.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-4036 Simple Blog Card < 1.32 - Subscriber+ Arbitrary Post Access
The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated user, such as a subscriber, to retrieve arbitrary post titles and their content, including draft, private and password-protected ones...