Category: CVSS3 - HIGH
CVE-2023-4481

An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of ...

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Runtime Environment, Java Technology Edition.

## Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, Version 8 which is shipped with IBM MQ (CVE-2023-21930, CVE-2023-21967, CVE-2023-21939, CVE-2023-21938 ...

Netmaker has Hardcoded DNS Secret Key

### Impact Hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. ### Patches Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are usin ...

Hardcoded DNS Key

github.com/gravitl/netmaker uses a Hardcoded DNS Key. The vulnerability exists because the library does not securely set a DNS secret key, which allows an attacker to access DNS related API endpointsR ...

CVE-2023-3636

The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'save_users_map_name' function. This ma ...

CVE-2023-3677

The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to SQL Injection via the pageId parameter in versions up to, and including, 1.2.89 due to insufficient escaping on the user suppl ...

CVE-2023-2229

The Quick Post Duplicator for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 2.0 due to insufficient escaping on the user supplied par ...

CVE-2023-2188

The Colibri Page Builder for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.0.227 due to insufficient escaping on the user supplied ...

Apache NiFi H2 Connection String Remote Code Execution Exploit

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that ...

Apache NiFi H2 Connection String Remote Code Execution
