2767 matches found

Positive Technologies
added 2023/08/24 12:0 a.m. · 4 views

PT-2023-27688 · Tenda · Tenda Ac8

Name of the Vulnerable Software and Affected Versions: Tenda AC8 version US AC8V4.0si V16.03.34.06 cn
Description: A stack overflow issue was discovered via the parameter list at the "/goform/SetStaticRouteCfg" API endpoint. This issue affects the Tenda AC8 router.
Recommendations: For Tenda AC8...

9.8 CVSS · 9.4 AI score · 0.00701 EPSS
Exploits 1 · References 4

Positive Technologies
added 2023/08/23 12:0 a.m. · 4 views

PT-2023-4809 · Unknown · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.9; XWiki Platform versions prior to 15.4RC1
Description: The create action in XWiki Platform is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with...

10 CVSS · 8.1 AI score · 0.00545 EPSS
Exploits 1 · References 12

SUSE CVE
added 2023/08/12 2:10 a.m. · 2 views

SUSE CVE-2023-39953

useroidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack returning corrupted or known token they also...

4.8 CVSS · 6.8 AI score · 0.00446 EPSS
Exploits 0 · References 3

Malwarebytes
added 2023/08/09 2:0 a.m. · 30 views

Cloudflare Tunnel increasingly abused by cybercriminals

Cloudflare Tunnel provides you with a secure way to connect your resources to Cloudflare without a publicly routable IP address. Cybercriminals are increasingly using this service to keep their activities from being detected. Cloudflare Tunnel, also known by its executable name, Cloudflared,...

7.3 AI score
Exploits 0

Vulnrichment
added 2023/08/08 6:31 p.m. · 11 views

CVE-2023-39518 social-media-skeleton stored Cross-site Scripting vulnerability

social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Versions 1.0.0 until 1.0.3 have a stored cross-site scripting vulnerability. The problem is patched in v1.0.3...

5.4 CVSS · 6 AI score · 0.00407 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/08/08 12:0 a.m. · 6 views

PT-2023-26078 · Unknown · Maid Hiring Management System

Name of the Vulnerable Software and Affected Versions: Maid Hiring Management System version 1.0
Description: The issue is related to a SQL injection vulnerability found in the Search Maid page. This vulnerability could potentially allow unauthorized access to sensitive data.
Recommendations: For...

4.8 CVSS · 5.2 AI score · 0.00473 EPSS
Exploits 1 · References 6

Positive Technologies
added 2023/08/08 12:0 a.m. · 5 views

PT-2023-26601 · Churchcrm · Churchcrm

Name of the Vulnerable Software and Affected Versions: ChurchCRM version 5.0.0
Description: A SQL injection issue allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the "/QueryView.php" API endpoint.
Recommendations: For ChurchCRM version 5.0.0,...

7.5 CVSS · 7.7 AI score · 0.0071 EPSS
Exploits 0 · References 9

OSV
added 2023/08/04 5:25 p.m. · 25 views

CVE-2023-38695 cypress-image-snapshot vulnerable to insecure snapshot file names

cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in...

6.5 CVSS · 6.3 AI score · 0.00795 EPSS
Exploits 1 · References 6

Positive Technologies
added 2023/08/03 12:0 a.m. · 4 views

PT-2023-5758 · Unknown · Connected Io

Name of the Vulnerable Software and Affected Versions: Connected IO versions 2.1.0 and prior
Description: The issue is related to an argument injection vulnerability in the iptables command message of the communication protocol. This vulnerability enables attackers to execute arbitrary OS command...

9.8 CVSS · 9.6 AI score · 0.00819 EPSS
Exploits 0 · References 7

Malwarebytes
added 2023/07/27 8:15 a.m. · 51 views

Patch now! Ivanti Endpoint Manager Mobile Authentication vulnerability used in the wild

The Cybersecurity and Infrastructure Security Agency (CISA) added one new vulnerability to its Known Exploited Vulnerabilities Catalog affecting Ivanti Endpoint Manager Mobile, based on evidence of active exploitation. All Federal Civilian Executive Branch (FCEB) agencies must remediate this...

7.5 CVSS · 6.7 AI score · 0.99999 EPSS
Exploits 14

Openbugbounty
added 2023/07/26 4:58 p.m. · 12 views

okfish.cz Cross Site Scripting vulnerability OBB-3552557

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1 AI score
Exploits 0

Tenable Nessus
added 2023/07/26 12:0 a.m. · 26 views

EulerOS Virtualization 3.0.6.6 : git (EulerOS-SA-2023-2424)

According to the versions of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes c...

9.8 CVSS · 7.9 AI score · 0.56334 EPSS
Exploits 4 · References 7

Patchstack
added 2023/07/19 12:0 a.m. · 14 views

WordPress External Media Upload Plugin <= 0.3 is vulnerable to Cross Site Scripting (XSS)

Software External Media Upload Type Plugin Vulnerable versions = 0.3 Fixed in 0.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 69ec8e1f8b63 Credits Rafie Muhammad Patchstack Required...

6 AI score · 0.00284 EPSS
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2023/07/19 12:0 a.m. · 12 views

WordPress WP Cloud Server Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software WP Cloud Server Type Plugin Vulnerable versions = 1.3.0 Fixed in 2.0.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 8cdd8c408320 Credits Rafie Muhammad Patchstack Required...

6.2 AI score · 0.00284 EPSS
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2023/07/19 12:0 a.m. · 9 views

WordPress Meta Tag Manager Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Meta Tag Manager Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID b76d2247c311 Credits Rafie Muhammad Patchstack Required...

6.1 AI score · 0.00284 EPSS
Exploits 0 · References 3 · Affected Software 1

Patchstack
added 2023/07/18 12:0 a.m. · 5 views

WordPress Pretty Grid – Social Feed Gallery Plugin Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Pretty Grid – Social Feed Gallery Plugin Type Plugin Vulnerable versions = 1.3.3 Fixed in 1.3.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 26d1c071d144 Credits Rafie...

6.2 AI score · 0.00284 EPSS
Exploits 0 · References 3 · Affected Software 1

Patchstack
added 2023/07/18 12:0 a.m. · 7 views

WordPress Superfast Mailgun for the Newsletter plugin Plugin < 1.2.4 is vulnerable to Cross Site Scripting (XSS)

Software Superfast Mailgun for the Newsletter plugin Type Plugin Vulnerable versions 1.2.4 Fixed in 1.2.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 05f4a612540e Credits Rafie...

6.9 AI score · 0.00284 EPSS
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2023/07/17 12:0 a.m. · 4 views

PT-2023-5481 · Advantech · Eki-1522 +2

Name of the Vulnerable Software and Affected Versions: Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21
Description: The issue is related to a Stored Cross-Site Scripting vulnerability. This vulnerability can be triggered by authenticated users in the device name field of the...

9 CVSS · 5.3 AI score · 0.00818 EPSS
Exploits 2 · References 10

CVE
added 2023/07/13 6:45 p.m. · 38 views

CVE-2023-34458

CVE-2023-34458 affects mx-chain-go, the official MultiversX blockchain implementation. When executing a relayed transaction, if the inner transaction failed, the inner sender nonce could be incremented, creating a potential limited DoS condition on a targeted account. The issue is resolved by a b...

7.1 CVSS · 5.8 AI score · 0.0107 EPSS
Exploits 0 · References 4 · Affected Software 1

Oracle linux
added 2023/07/12 12:0 a.m. · 44 views

Unbreakable Enterprise kernel security update

5.4.17-2136.321.4 - tick/common: Align tick period during schedtimer setup Thomas Gleixner Orabug: 35520079 - net/rds: Fix endless rdssendxmit loop if cpindex 0 Gerd Rausch Orabug: 35510149 5.4.17-2136.321.3 - selinux: don't use make's grouped targets feature yet Paul Moore - lib: cpurmap: Fix...

7.8 CVSS · 8 AI score · 0.05128 EPSS
Exploits 10