2565 matches found

CNVD
added 2023/07/12 12:0 a.m. | 11 views

Siemens SIMATIC MV500 Devices Uncontrolled Resource Consumption Vulnerability

SIMATIC MV500 products are fixed optical readers for capturing print, laser, drill, punch and dotted line codes on a variety of different surfaces. Siemens SIMATIC MV500 Devices has an uncontrolled resource consumption vulnerability that can be exploited by an attacker to cause a denial of servic...

CVSS 7.5 | AI score 7.4 | EPSS 0.00653
Exploits 0 | References 1
CNNVD
added 2023/07/11 12:0 a.m. | 2 views

Siemens SIMATIC Security Vulnerability

SIMATIC MV500 products are fixed optical readers for capturing print, laser, drill, punch and dotted line codes on a variety of different surfaces. Siemens SIMATIC MV500 Devices has an uncontrolled resource consumption vulnerability that can be exploited by attackers to cause a denial of service...

CVSS 7.5 | AI score 6.7 | EPSS 0.00653
Exploits 0 | References 2
Patchstack
added 2023/07/10 12:0 a.m. | 10 views

WordPress Buy Me a Coffee Plugin <= 3.7 is vulnerable to Broken Access Control

Software: Buy Me a Coffee | Type: Plugin | Vulnerable versions: <= 3.7 | Fixed in: 3.8 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-2078 | Patch priority: Low | CVSS severity: Low 5.4 | Developer: Claim ownership | PSID: 4f9e072d5272 | Credits: Lana Codes | Required privilege...

CVSS 7.3 | AI score 6.5 | EPSS 0.0045
Exploits 1 | References 3 | Affected Software 1
Wordfence Blog
added 2023/07/06 12:58 p.m. | 105 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 26, 2023 to July 2, 2023)

Last week, there were 66 vulnerabilities disclosed in 56 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities i...

CVSS 7.5 | AI score 7.6 | EPSS 0.69596
Exploits 39
Code423n4
added 2023/07/05 12:0 a.m. | 11 views

Functions don't update after being called

Lines of code. Vulnerability details. Impact: Without updating the reserve or vault value of tokens after calling different functions, the contract may be prone to inconsistent state, security issues, financial implications, and bad user experience. It is important to review and update the reserve...

AI score 7
Exploits 0
Veracode
added 2023/07/04 7:41 a.m. | 22 views

Weak Cryptography

github.com/bishopfox/sliver is vulnerable to weak cryptography. The vulnerability exists because it does not properly implement Nacl Box libsodium, which allows an attacker to execute arbitrary code on implanted devices and intercept user responses...

CVSS 8.1 | AI score 7.5 | EPSS 0.00477
Exploits 0 | References 5 | Affected Software 1
Vulnrichment
added 2023/07/03 4:12 p.m. | 12 views

CVE-2023-36816 Cross-Site Scripting (XSS) at Account creation in 2FAuth

2FA is a Web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Cross-site scripting (XSS) injection can be done via the account/service field. This was tested in a docker-compose environment. This vulnerability has been patched in version 4.0.3...

CVSS 6.1 | AI score 6.6 | EPSS 0.00453
Exploits 1 | References 2
HackRead
added 2023/07/03 12:22 p.m. | 17 views

ChatGPT tricked into generating Windows 10 and Windows 11 keys

By Waqas. A Twitter user successfully utilized the "grandma exploit" to trick ChatGPT and acquire multiple Windows 10 codes. This is a post from HackRead.com. Read the original post: ChatGPT tricked into generating Windows 10 and Windows 11 keys...

AI score 7
Exploits 0
The Hacker News
added 2023/06/29 1:40 p.m. | 4 views

Fluhorse: Flutter-Based Android Malware Targets Credit Cards and 2FA Codes

Cybersecurity researchers have shared the inner workings of an Android malware family called Fluhorse. The malware "represents a significant shift as it incorporates the malicious components directly within the Flutter code," Fortinet FortiGuard Labs researcher Axelle Apvrille said in a report...

AI score 7
Exploits 0
OSV
added 2023/06/28 10:49 p.m. | 29 views

GHSA-HR9R-8PHQ-5X8J OpenFGA vulnerable to denial of service due to circular relationship

Overview: OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when certain Check and ListObjects calls are executed against authorization models that contain circular relationship definitions. Am I Affected? You are affected by this vulnerability if you are using OpenFGA v1.1.0 or...

CVSS 5.9 | AI score 6.4 | EPSS 0.00919
Exploits 1 | References 6
Veracode
added 2023/06/28 12:22 p.m. | 17 views

Directory Traversal

nocodb is vulnerable to Directory Traversal. The vulnerability exists in the fileRead function of attachments.controller.ts and attachment.ctl.ts files, which allows an attacker to fetch arbitrary files on the server by manipulating the path parameter of the /download route, resulting in the...

CVSS 7.5 | AI score 6.8 | EPSS 0.07864
Exploits 1 | References 6 | Affected Software 1
Patchstack
added 2023/06/22 12:0 a.m. | 9 views

WordPress WP Directory Kit Plugin < 1.2.0 is vulnerable to Local File Inclusion

Software: WP Directory Kit | Type: Plugin | Vulnerable versions: 1.2.0 | Fixed in: 1.2.4 | OWASP Top 10: A1: Injection | Classification: Local File Inclusion | CVE: CVE-2023-2278 | Patch priority: High | CVSS severity: High 7.5 | Developer: Claim ownership | PSID: 5c152fb4dc7b | Credits: Lana Codes | Required privilege...

CVSS 9.8 | AI score 6.8 | EPSS 0.01686
Exploits 1 | References 3 | Affected Software 1
Patchstack
added 2023/06/22 12:0 a.m. | 12 views

WordPress Go Pricing Plugin <= 3.3.19 is vulnerable to Broken Access Control

Software: Go Pricing | Type: Plugin | Vulnerable versions: <= 3.3.19 | Fixed in: 3.4 | OWASP Top 10: A5: Broken Access Control | Classification: Broken Access Control | CVE: CVE-2023-2494 | Patch priority: Medium | CVSS severity: Medium 5.4 | Developer: Claim ownership | PSID: 71975662f90e | Credits: Lana Codes | Required privilege...

CVSS 8.8 | AI score 6.5 | EPSS 0.00369
Exploits 0 | References 2 | Affected Software 1
Packet Storm
added 2023/06/21 12:0 a.m. | 339 views

WordPress BookIt 2.3.7 Authentication Bypass

On May 22, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in StylemixThemes’s BookIt plugin, which is actively installed on more than 10,000 WordPress websites. The vulnerability makes it possible for...

AI score 7.1 | EPSS 0.0166
Exploits 3
GithubExploit
added 2023/06/19 10:10 p.m. | 342 views

Exploit for Improper Privilege Management in Wpdeveloper Reviewx

CVE-2023-2833 Mass Exploit Generator by Alucard0x1 This repos...

CVSS 8.8 | AI score 9.1 | EPSS 0.1748
Exploits 4
Veracode
added 2023/06/16 11:0 a.m. | 257 views

Command Injection

ImageMagick is vulnerable to Command Injection. The vulnerability exists via video:vsync or video:pixel-format options in VIDEO encoding/decoding, which allows an attacker to inject and execute arbitrary code on the system...

CVSS 7.8 | AI score 7.2 | EPSS 0.03161
Exploits 1 | References 8 | Affected Software 1
OSV
added 2023/06/01 5:15 p.m. | 3 views

CVE-2023-32712

In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files that, when a vulnerable terminal application reads them, can potentially, at worst, result in possible code execution in the...

CVSS 3.1 | AI score 6.2
Exploits 0 | References 2
NVD
added 2023/06/01 5:15 p.m. | 18 views

CVE-2023-32712

In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files that, when a vulnerable terminal application reads them, can potentially, at worst, result in possible code execution in the...

CVSS 8.6 | AI score 8.5 | EPSS 0.00341
Exploits 0 | References 2
Prion
added 2023/06/01 5:15 p.m. | 16 views

Code injection

In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files that, when a vulnerable terminal application reads them, can potentially, at worst, result in possible code execution in the...

CVSS 2.6 | AI score 4.4 | EPSS 0.00341
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2023/06/01 4:34 p.m. | 20 views

CVE-2023-32712 Unauthenticated Log Injection in Splunk Enterprise

In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files that, when a vulnerable terminal application reads them, can potentially, at worst, result in possible code execution in the...

CVSS 8.6 | AI score 7 | EPSS 0.00341
Exploits 0 | References 2