Lucene search

536 matches found

OpenVAS
added 2023/02/24 12:0 a.m. · 22 views

WordPress 'wp-cron.php' Accessible/Enabled (HTTP) - Active Check

The remote WordPress instance might have a default setup of SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress";...

5.3 CVSS · 5.4 AI score · 0.08419 EPSS
Exploits 1 · References 4
F5 Networks
added 2023/02/21 6:33 p.m. · 39 views

K85235351: cURL and libcurl vulnerability CVE-2016-8624

Security Advisory Description curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL...

7.5 CVSS · 7.5 AI score · 0.01136 EPSS
Exploits 0 · Affected Software 24
Trend Micro Simply Security
added 2023/02/21 12:0 a.m. · 18 views

In Review: What GPT-3 Taught ChatGPT in a Year

Amidst the uproar and opinions since November 2022, we look at the possibilities and implications of what OpenAI’s ChatGPT presents to the cybersecurity industry using a comparison to earlier products, like its predecessor GPT-3...

2.8 AI score
Exploits 0
Hacker One
added 2023/02/14 12:10 a.m. · 21 views

TD Bank: Reflected XSS on marketsandresearch.td.com

Summary: Hi TD security team, there is a reflected XSS vulnerability at http://marketsandresearch.td.com. As you are most likely aware, XSS vulnerabilities can have significant security implications, including allowing an attacker to inject malicious JS code into the application, which is then...

6.4 AI score
Exploits 0
Positive Technologies
added 2023/01/17 12:0 a.m. · 2 views

PT-2023-33373 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.226 Description: The issue concerns the removal of used dynamic events, which may lead to security implications. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linu...

7.3 AI score
Exploits 0 · References 1
Positive Technologies
added 2023/01/17 12:0 a.m. · 3 views

PT-2023-33919 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.16 Description: A possible memory leak issue was discovered, which may have potential security implications. The issue was introduced in version v2.6.30 and is fixed in Linux Kernel version v6.0.16...

7.1 AI score
Exploits 0 · References 1
Positive Technologies
added 2023/01/17 12:0 a.m. · 1 views

PT-2023-33318 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.158 Description: The issue concerns the removal of used dynamic events, which may lead to the freeing of buffers. This could potentially have security implications, although the actual impact and attack...

7.3 AI score
Exploits 0 · References 1
Positive Technologies
added 2023/01/17 12:0 a.m. · 3 views

PT-2023-34728 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 2.6.30 through 4.9.336 Description: A possible memory leak issue was identified, which may have potential security implications. The issue was introduced in version 2.6.30 and is fixed in version 4.9.337. Recommendations...

7.1 AI score
Exploits 0 · References 1
Positive Technologies
added 2023/01/17 12:0 a.m. · 1 views

PT-2023-33151 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.12 Description: The issue concerns the removal of used dynamic events, which may lead to security implications. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...

7.3 AI score
Exploits 0 · References 1
Cvelist
added 2023/01/06 4:20 p.m. · 18 views

CVE-2020-36643

...

Exploits 0
Github Security Blog
added 2023/01/05 12:18 p.m. · 76 views

@mattkrick/sanitize-svg vulnerable to Cross-Site Scripting (XSS)

Impact The sanitize-svg package uses a deny-list-pattern to sanitize SVGs to prevent cross-site scripting (XSS). In doing so, literal -tags and on-event handlers were detected: typescript ... const svgEl = div.firstElementChild! const attributes = Array.fromsvgEl.attributes.map name = name const...

7.6 CVSS · 5.8 AI score · 0.00303 EPSS
Exploits 1 · References 4 · Affected Software 1
Wallarm Lab
added 2022/12/09 7:38 p.m. · 62 views

Can ChatGPT be used to attack your APIs? | API Security Newsletter

The winter solstice is fast approaching, along with the end-of-year holidays - before we know it, it'll be 2023 already! And with the fall behind us, our hive has been busy putting the finishing touches on many new and improved capabilities – such as weak JWT detection, API Abuse Prevention, API...

0.2 AI score · 0.92071 EPSS
Exploits 3
OSV
added 2022/11/11 12:3 a.m. · 44 views

GHSA-VP35-85Q5-9F25 Container build can leak any path on the host into the container

Description Moby is the open source Linux container runtime and set of components used to build a variety of downstream container runtimes, including Docker CE, Mirantis Container Runtime (formerly Docker EE), and Docker Desktop. Moby allows for building container images using a set of build...

7.5 AI score
Exploits 0 · References 5
Github Security Blog
added 2022/11/11 12:3 a.m. · 49 views

Container build can leak any path on the host into the container

Description Moby is the open source Linux container runtime and set of components used to build a variety of downstream container runtimes, including Docker CE, Mirantis Container Runtime (formerly Docker EE), and Docker Desktop. Moby allows for building container images using a set of build...

5.5 CVSS · 0.8 AI score · 0.02579 EPSS
Exploits 1 · References 5 · Affected Software 1
Microsoft Malware Protection
added 2022/11/02 4:0 p.m. · 15 views

Microsoft Security tips for mitigating risk in mergers and acquisitions

Sixty-two percent of organizations that undertake mergers and acquisitions face significant cybersecurity risks or consider cyber risks their biggest concern post-acquisition.1 Threat actors that focus on corporate espionage often target the acquiring company, which we will refer to as the Parent...

0.2 AI score
Exploits 0
Microsoft Secure
added 2022/11/02 4:0 p.m. · 22 views

Microsoft Security tips for mitigating risk in mergers and acquisitions

Sixty-two percent of organizations that undertake mergers and acquisitions face significant cybersecurity risks or consider cyber risks their biggest concern post-acquisition.1 Threat actors that focus on corporate espionage often target the acquiring company, which we will refer to as the Parent...

0.2 AI score
Exploits 0
The Hacker News
added 2022/09/23 10:20 a.m. · 33 views

Firing Your Entire Cybersecurity Team? Are You Sure?

What on earth were they thinking? That's what we – and other security experts – were wondering when content giant Patreon recently dismissed its entire internal cybersecurity team in exchange for outsourced services. Of course, we don't know the true motivations for this move. But, as outsiders...

6.9 AI score
Exploits 0
Schneier on Security
added 2022/09/22 11:45 a.m. · 15 views

Prompt Injection/Extraction Attacks against AI Systems

This is an interesting attack I had not previously considered. The variants are interesting, and I think we're just starting to understand their implications...

4.5 AI score
Exploits 0
Malwarebytes
added 2022/09/12 2:0 p.m. · 16 views

Facebook engineers aren't sure where all user data is kept

If it takes a village to raise a child, apparently it takes Facebook a team to tell you what data the company keeps about you and where they keep it. In the recently unsealed transcript of a hearing led by "Discovery Special Master" Daniel Garrie, an expert appointed by the court, two Facebook...

0.3 AI score
Exploits 0
UbuntuCve
added 2022/08/31 4:15 p.m. · 15 views

CVE-2020-35536

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

7.2 AI score
Exploits 0 · References 2