1078 matches found
CVE-2023-30961 Palantir Gotham UI bug that could lead to incorrect data classification
Palantir Gotham was found to be vulnerable to a bug where under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link...
WordPress Astra Bulk Edit Plugin <= 1.2.7 is vulnerable to Broken Access Control
Software: Astra Bulk Edit; Type: Plugin; Vulnerable versions: <= 1.2.7; Fixed in: 1.2.8; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-44148; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: eb8e23601d3b; Credits: Rafie Muhammad Patchstack...
WordPress ActivityPub Plugin < 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: ActivityPub; Type: Plugin; Vulnerable versions: < 1.0.0; Fixed in: 1.0.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5057; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 7a16cc70d522; Credits: Ben Bidner; Required privilege...
PT-2023-23090 · Palantir · Palantir Gotham
Name of the Vulnerable Software and Affected Versions: Palantir Gotham affected versions not specified Description: A bug was discovered in Palantir Gotham where the frontend could apply an incorrect classification to a newly created property or link under certain circumstances. Recommendations: ...
CVE-2023-41293
Data security classification vulnerability in the DDMP module. Successful exploitation of this vulnerability may affect confidentiality...
CVE-2023-41293
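A vulnerability in the data security classification layer has been reported in the DDMP module of Huawei HarmonyOS. CVE-2023-41293 can be exploited remotely because of missing access control in the DDMP module, and the confirmed impact is a loss of confidentiality. According to the NVD metrics, the attack vector for this vulnerability is network, the attack complexity is low, no privileges are required, and no user interaction is required. A high impact on confidentiality is confirmed, but the document provides no specific exploit code or real-world attack information. A patched version or a specific fix is explicitly...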
WordPress Defender Security Plugin < 4.1.0 is vulnerable to Bypass Vulnerability
Software: Defender Security; Type: Plugin; Vulnerable versions: < 4.1.0; Fixed in: 4.1.0; OWASP Top 10: A1: Broken Access Control; Classification: Bypass Vulnerability; CVE: CVE-2023-5089; Patch priority: Low; CVSS severity: Low 5.3; Developer: WPMU DEV; PSID: e45ed857552b; Credits: Juan Pablo Gomez Postigo; Required...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a data security classification hierarchy vulnerability in the module. Successful...
WordPress WP Project Manager Plugin <= 2.6.0 is vulnerable to SQL Injection
Software: WP Project Manager; Type: Plugin; Vulnerable versions: <= 2.6.0; Fixed in: 2.6.1; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-34383; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: 02d3661940eb; Credits: Theodoros Malachias; Required privilege...
WordPress Woocommerce Support System Plugin <= 1.2.2 is vulnerable to Broken Access Control
Software: Woocommerce Support System; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: 1.2.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-41686; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: e64e405c119f; Credits: Mika; Require...
WordPress Save as Image plugin by Pdfcrowd Plugin <= 2.16.0 is vulnerable to Cross Site Scripting (XSS)
Software: Save as Image plugin by Pdfcrowd; Type: Plugin; Vulnerable versions: <= 2.16.0; Fixed in: 2.16.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-40665; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: cfe00b0b6985; Credits: Mahe...
WordPress Cookies and Content Security Policy Plugin <= 2.15 is vulnerable to Sensitive Data Exposure
Software: Cookies and Content Security Policy; Type: Plugin; Vulnerable versions: <= 2.15; Fixed in: 2.16; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-40662; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 1727f4bf0e4c; Credits: Mika...
Updating our Vulnerability Severity Classification for AI Systems
The Microsoft Security Response Center (MSRC) is always looking for ways to provide clarity and transparency around how we assess the impact of vulnerabilities reported in our products and services. To this end, we are announcing the Microsoft Vulnerability Severity Classification for AI Systems, a...
WordPress Simple Ticker Plugin <= 3.05 is vulnerable to Cross Site Scripting (XSS)
Software: Simple Ticker; Type: Plugin; Vulnerable versions: <= 3.05; Fixed in: 3.06; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: bbbc4c8f4c4a; Credits: Unknown; Required privilege: Contributor...
WordPress WP Front User Submit / Front Editor Plugin < 4.0.4 is vulnerable to Cross Site Scripting (XSS)
Software: WP Front User Submit / Front Editor; Type: Plugin; Vulnerable versions: < 4.0.4; Fixed in: 4.0.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1982; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: f5fb2f3572ae; Credits: Vikas...
What is Data Security Posture Management (DSPM)?
Data Security Posture Management is an approach to securing cloud data by ensuring that sensitive data always has the correct security posture - regardless of where it's been duplicated or moved to. So, what is DSPM? Here's a quick example: Let's say you've built an excellent security posture for...
WordPress TI WooCommerce Wishlist Plugin < 2.7.4 is vulnerable to SQL Injection
Software: TI WooCommerce Wishlist; Type: Plugin; Vulnerable versions: < 2.7.4; Fixed in: 2.7.4; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: N/A; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: c17351d59e94; Credits: WordFence; Required privilege: Unauthenticated; Publish...
WordPress Redirect Redirection Plugin <= 1.1.3 is vulnerable to Broken Access Control
Software: Redirect Redirection; Type: Plugin; Vulnerable versions: <= 1.1.3; Fixed in: 1.1.4; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-0958; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 805c41b36a96; Credits: WordFence; Required...