CVE-2023-4481
An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of ...
September 01, 2023
Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Runtime Environment, Java Technology Edition.
## Summary
Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, Version 8 which is shipped with IBM MQ (CVE-2023-21930, CVE-2023-21967, CVE-2023-21939, CVE-2023-21938 ...
August 31, 2023
Netmaker has Hardcoded DNS Secret Key
### Impact
A hardcoded DNS key has been found in Netmaker, allowing unauthenticated users to interact with DNS API endpoints.
### Patches
Issue is patched in 0.17.1, and fixed in 0.18.6+.
If Users are usin ...
August 31, 2023
Hardcoded DNS Key
github.com/gravitl/netmaker uses a Hardcoded DNS Key. The vulnerability exists because the library does not securely set a DNS secret key, which allows an attacker to access DNS related API endpointsR ...
August 31, 2023
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 21, 2023 to August 27, 2023)
Last week, there were 43 vulnerabilities disclosed in 38 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 23 Vulnerab ...
August 31, 2023
CVE-2023-4000
The Waiting: One-click countdowns plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.2. This is due to missing or incorrect nonce validation on its ...
August 31, 2023
CVE-2023-3999
The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on its AJAX calls in versions up to, and including, 0.6.2. This makes it p ...
August 31, 2023
CVE-2023-3764
The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.90. This is due to missing or incorrect nonce validation on t ...
August 31, 2023
CVE-2023-4500
The Order Tracking Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the order status parameter in versions up to, and including, 3.3.6 due to insufficient input sanitization a ...
August 31, 2023
CVE-2023-4161
The WooCommerce PDF Invoice Builder for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the SaveCustomField function in versions up to, and including, 1.2.90. Thi ...
August 31, 2023