138 matches found
The vulnerability of the Contact Form Generator plugin, which is designed for creating contact forms on WordPress websites, allows a hacker to perform XSS attacks.
The vulnerability of the Contact Form Generator plugin, which is designed for creating contact forms on WordPress websites, exists due to the lack of security measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotel...
Security Bulletin: Vulnerability in Python Cryptographic Authority cryptography affects IBM Process Mining . CVE-2023-38325
Summary There is a vulnerability in Python Cryptographic Authority cryptography that could allow a remote authenticated attacker to launch attacks on the system . The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerabili...
PT-2023-24837 · Soar Cloud · Soar Cloud Ltd. Hr Portal
Name of the Vulnerable Software and Affected Versions: Soar Cloud Ltd. HR Portal affected versions not specified Description: The issue concerns a weak Password Recovery Mechanism for Forgotten Password in the Soar Cloud Ltd. HR Portal. The reset password link sent out through e-mail remains vali...
The vulnerability of the WebShare component of the Google Chrome browser for Android allows a hacker to manipulate the URL bar content.
The vulnerability of the WebShare component of the Google Chrome browser for Android is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to manipulate the URL input using a specially created HTML page...
Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.12 and earlier
Summary This fix upgrades to node 18.16.1. Vulnerability Details CVEID:CVE-2023-30584 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by a path traversal bypass when verifying file permissions. By sending a specially crafted request, an attacker could...
Security Bulletin: IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-35890)
Summary IBM WebSphere Application Server could provide weaker than expected security. This has been addressed in the Remediation/Fixes section. Vulnerability Details CVEID:CVE-2023-35890 DESCRIPTION: IBM WebSphere Application Server could provide weaker than expected security, caused by the...
CVE-2023-31761
Weak security in the transmitter of Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 allows attackers to gain full access to the system via a code replay attack...
CVE-2023-31763
Weak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access to the system via a code replay attack...
CVE-2023-31761
Weak security in the transmitter of Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 allows attackers to gain full access to the system via a code replay attack...
CVE-2023-31763
Weak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access to the system via a code replay attack...
CVE-2023-31759
Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack...
CVE-2023-31763
CVE-2023-31763 affects the AGShome Smart Alarm v1.0 transmitter. The vulnerability stems from weak security in the transmitter, enabling a code replay attack that could give an attacker full access to the system. The NVD/CVE records indicate a base score of 7.5 (HIGH) with AV:A, AC:H, PR:N, UI:N,...
The vulnerability of Google Chrome’s Picture-in-Picture (PiP) technology, which allows attackers to carry out phishing attacks.
The vulnerability of Google Chrome’s Picture-in-Picture PiP technology is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to carry out phishing attacks using a specially created HTML page...
The vulnerability of Google Chrome browser extensions, which allows a violator to disclose protected information
The vulnerability of Google Chrome’s browser extensions is related to improperly implemented security checks for standard elements. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose protected information...
IBM WebSphere Automation 授权问题漏洞
IBM WebSphere Automation is an operations platform from International Business Machines IBM. automates operational activities to proactively mitigate security risks and accelerate threat remediation. A security vulnerability exists in IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps...
CVE-2022-41710
Markdownify version 1.4.1 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Markdownify. This is possible because the application does not have a CSP policy or at least not strict enough and/or does not...
Security Bulletin: IBM Sterling Order Management Netty 4.1.34 vulnerablity
Summary Netty could provide various potential exploitable entry points icnluding weaker than expected security, netty-codec is vulnerable to a denial of service, and HTTP request smuggling Vulnerability Details CVEID:CVE-2019-20445 DESCRIPTION: Netty could provide weaker than expected security,...
PT-2022-14068 · Unknown · Keep My Notes
Name of the Vulnerable Software and Affected Versions: Keep My Notes version 1.80.147 Description: The issue allows an attacker with physical access to the victim's device to bypass the application's password/pin lock, accessing user data due to inadequate security controls that fail to prevent...
Weak Security Controls and Practices Routinely Exploited for Initial Access
The cybersecurity authorities of the United States, Canada, New Zealand, the Netherlands, and the United Kingdom have issued a joint Cybersecurity Advisory CSA on 10 routinely exploited weak security controls, poor configurations, and bad practices that allow malicious actors to compromise...
Security Bulletin: Vulnerability in Flask and Python affects IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2021-33026, CVE-2022-0391)
Summary Elevation of privileges vulnerability in Flask and weaker than expected security in Python can affect IBM Spectrum Protect Plus Microsoft® File Systems backup and restore. Vulnerability Details CVEID: CVE-2021-33026 DESCRIPTION: Flask-Caching extension for Flask could allow a local...