CVE-2023-4865
CVE-2023-4865 affects SourceCodester Take-Note App 1.0 and is described as a cross-site request forgery (CSRF) vulnerability. The affected code is not specified; the vulnerability can be exploited remotely, and public/exploitation details have been disclosed (VDB-239350). The available records do...
CVE-2023-4864
A vulnerability, which was classified as problematic, was found in SourceCodester Take-Note App 1.0. This affects an unknown part of the file index.php. The manipulation of the argument noteContent with the input alert'xss' leads to cross site scripting. It is possible to initiate the attack...
Cross site scripting
A vulnerability, which was classified as problematic, was found in SourceCodester Take-Note App 1.0. This affects an unknown part of the file index.php. The manipulation of the argument noteContent with the input alert'xss' leads to cross site scripting. It is possible to initiate the attack...
CVE-2023-4864 SourceCodester Take-Note App index.php cross site scripting
A vulnerability, which was classified as problematic, was found in SourceCodester Take-Note App 1.0. This affects an unknown part of the file index.php. The manipulation of the argument noteContent with the input alert'xss' leads to cross site scripting. It is possible to initiate the attack...
CVE-2023-4864
CVE-2023-4864 affects SourceCodester Take-Note App 1.0. The vulnerability is an XSS in index.php where manipulating the noteContent argument can execute script code (example payload: ). The issue is exploitable remotely and the public exploit has been disclosed (VDB-239349). Multiple connected so...
Take-Note App Cross-Site Request Forgery Vulnerability
Take-Note App is a note-taking application by the individual developer Remy Andrade. A cross-site request forgery vulnerability exists in Take-Note App version 1.0. An attacker can exploit this vulnerability to perform cross-site request forgery attacks...
SourceCodester Take-Note App Cross-Site Scripting Vulnerability
Take-Note App is a note-taking application by the individual developer Remy Andrade. A cross-site scripting vulnerability exists in SourceCodester Take-Note App, which originates from a cross-site scripting attack via index.php...
Fedora 37 : php-phpmailer6 (2023-f2be748f28)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-f2be748f28 advisory. Minor security note: The DSN support added in 6.8.0 reflects the DSN back to the user in an error message if it is invalid. If a DSN uses user-supplied input ...
PT-2023-18329 · Unknown · Bluetooth Host
Name of the Vulnerable Software and Affected Versions: Bluetooth HOST (affected versions not specified). Description: The issue is related to a transient denial of service (DoS) in the Bluetooth HOST. It occurs when passing a descriptor to validate a blacklisted Bluetooth keyboard. There is no...
BELL-CVE-2022-2057 CVE-2022-2057 does not affect BellSoft software
Bulletin has no description...
The vulnerability of the Joplin note-taking application, related to the lack of measures taken to protect the website structure, allows a hacker to execute arbitrary code.
The vulnerability of the Joplin note-taking application is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Unveiling New Windows Ransomware Named Trash Panda
Summary: Trash Panda is a ransomware that encrypts files on Windows machines, replaces the desktop wallpaper, and drops a ransom note with political messages. It adds a ‘.monochrome’ extension to the encrypted...
UBUNTU-CVE-2022-46884
A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have led to memory corruption or a potentially exploitable crash. Note: This advisory was added on December 13th, 2022 after discovering it was inadvertently left...
PT-2023-4775 · Microsoft · Office Onenote
Name of the Vulnerable Software and Affected Versions: Microsoft OneNote (affected versions not specified). Description: The issue is related to errors in the representation of information by the user interface, which can be exploited by a remote attacker to conduct spoofing attacks. This allows...
Design/Logic Flaw
Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered to download. Nextcloud Notes app version 4.8.0 contains a...
What Cisco Talos knows about the Rhysida ransomware
Cisco Talos is aware of the recent advisory published by the U.S. Department of Health and Human Services (HHS) warning the healthcare industry about Rhysida ransomware activity. As we've discussed recently, there has been huge growth in the ransomware and extortion space, potentially linked to the...
New Yashma Ransomware Variant Targets Multiple English-Speaking Countries
An unknown threat actor is using a variant of the Yashma ransomware to target various entities in English-speaking countries, Bulgaria, China, and Vietnam at least since June 4, 2023. Cisco Talos, in a new write-up, attributed the operation with moderate confidence to an adversary of likely...
New threat actor targets Bulgaria, China, Vietnam and other countries with customized Yashma ransomware
Cisco Talos discovered an unknown threat actor, seemingly of Vietnamese origin, conducting a ransomware operation that began at least as early as June 4, 2023. This ongoing attack uses a variant of the Yashma ransomware likely to target multiple geographic areas by mimicking WannaCry...