1078 matches found
WordPress CM Pop-Up banners Plugin <= 1.5.10 is vulnerable to SQL Injection
Software: CM Pop-Up banners; Type: Plugin; Vulnerable versions: <= 1.5.10; Fixed in: 1.6.0; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-30750; Patch priority: High; CVSS severity: High 8.5; PSID: a1957d5dbbe6; Credits: Dave Jong Patchstack; Required privilege...
What does ChatGPT know about phishing?
Can ChatGPT detect phishing links? Hearing all the buzz about the amazing applications of ChatGPT and other language models, our team could not help but ask this question. We work on applying machine learning technologies to cybersecurity tasks, specifically models that analyze websites to detect...
Android Security Bulletin—May 2023
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2023-05-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...
Cross-site Scripting (XSS) in DataObject Classification Store
Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches Update to version 10.5.21 or apply this patch manually...
GHSA-9Q7Q-R54Q-3F3G Cross-site Scripting (XSS) in DataObject Classification Store
Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches Update to version 10.5.21 or apply this patch manually...
Imperva® and Fortanix Partner to Protect Confidential Customer Data
Imperva Data Security Fabric and Fortanix Data Security Manager combine to provide end-to-end data security. Imperva, Inc., @Imperva the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, and Fortanix, Inc. @Fortanix, the Data Security company powered by...
Stay compliant and protect sensitive data with Zero Trust security
Regulatory standards frequently shift and tighten, especially with the rise of hybrid work environments. And with the explosion of data growth, organizations have seen a massive uptick in cybersecurity issues and needs. According to IBM’s 2022 Cost of a Data Breach Report, 83 percent of...
CVE-2023-29579
yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the component yasm/yasm+0x43b466 in vsprintf. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...
Imperva and Kong Partner to Bring API Security to the Gateway for Enhanced API Management
Imperva is delighted to announce a new partnership with Kong Inc, provider of the leading cloud-native API platform, to offer best-in-class API Security to users of the Kong platform. Through the new partnership, Kong Enterprise customers can protect their business applications and data by...
WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.7 is vulnerable to SQL Injection
Software: Booking calendar, Appointment Booking System; Type: Plugin; Vulnerable versions: <= 3.2.7; Fixed in: 3.2.8; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2022-47428; Patch priority: Low; CVSS severity: Low 6.7; PSID: be3286ef939c; Credits: thiennv; Required...
WordPress ShopEngine Plugin <= 4.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: ShopEngine; Type: Plugin; Vulnerable versions: <= 4.1.1; Fixed in: 4.2.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-45371; Patch priority: Low; CVSS severity: Low 5.4; Developer: Wpmet; PSID: 491b80f78482; Credits: Muhammad Daffa; Required privilege...
Microsoft Vulnerability Severity Classification for Online Services Publication
The Microsoft Security Response Center (MSRC) is always looking for ways to provide clarity and transparency around how we assess the impact of vulnerabilities reported in our products and services. We have published a new Microsoft Vulnerability Severity Classification for Online Services to provi...
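Publication of the Vulnerability Severity Classification for Microsoft Online Services
This blog post is an abridged translation of Microsoft Vulnerability Severity Classification for Online Services Publication. For the latest information, refer to the original post. Micro...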
WordPress Kaya QR Code Generator Plugin <= 1.5.2 is vulnerable to Cross Site Scripting (XSS)
Software: Kaya QR Code Generator; Type: Plugin; Vulnerable versions: <= 1.5.2; Fixed in: 1.5.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-30784; Patch priority: Low; CVSS severity: Low 6.5; PSID: e6805ca51cf5; Credits: Mika; Required...
Protect intellectual property with Govern 365 and Microsoft Purview
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Global supply chains face a broad range of risks, from physical threats to cybersecurity threats. Sharing information with suppliers is essential for the supply chain to function...
WordPress Landing Page Builder – Free Landing Page Templates Plugin <= 3.1.9.9 is vulnerable to Local File Inclusion
Software: Landing Page Builder – Free Landing Page Templates; Type: Plugin; Vulnerable versions: <= 3.1.9.9; Fixed in: 3.2; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2023-24379; Patch priority: Low; CVSS severity: Low 6.8; PSID: e3d21e2cc897; Credits: yuyudhn...
WordPress Square Theme <= 2.0.0 is vulnerable to Broken Access Control
Software: Square; Type: Theme; Vulnerable versions: <= 2.0.0; Fixed in: 2.0.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-30486; Patch priority: Low; CVSS severity: Low 4.3; PSID: 6813b5262bc4; Credits: Dave Jong Patchstack; Required privilege...
WordPress Gallery Plugin < 4.7.0 is vulnerable to SQL Injection
Software: Gallery; Type: Plugin; Vulnerable versions: < 4.7.0; Fixed in: 4.7.0; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-0765; Patch priority: High; CVSS severity: High 8.5; PSID: 85ca584ad7e5; Credits: dc11; Required privilege: Author; Published: 12 April, 2023...