CVE-2023-3266 : CYBERPOWER POWERPANEL ENTERPRISE 2.6.0 LDAP AUTHENTICATION SECURITY CHECK
Description A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if
Excessive data exposure is a security vulnerability that occurs when an application exposes more data than is necessary to users
Description XXE injection in /rtc/post/ endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable
Attacks on Application Programming Interfaces (APIs) have become significant cybersecurity challenges in today’s digital landscape. Bot attacks on APIs involve
Bots have become a dominant force on the internet, with both positive and negative consequences. While some bots contribute to
Description Uncontrolled search path for the Intel(R) AI Hackathon software before version 2.0.0 may allow an unauthenticated user to potentially
Description Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1 allows local attacker to privilege escalation. References https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=08 For
Description Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow
Description SAP PowerDesigner – version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries
Description A vulnerability classified as critical was found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by
Description LinuxASMCallGraph is software for drawing the call graph of the programming code. Linux ASMCallGraph before commit 20dba06bd1a3cf260612d4f21547c25002121cd5 allows attackers
Description A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator.
Broken user authentication is a security vulnerability that occurs when an application’s authentication mechanisms are not implemented correctly. This vulnerability
Description A vulnerability has been discovered in Xiaomi routers that could allow command injection through an external interface. This vulnerability
Description An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16.0.8, all versions starting
Description ** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain
Description Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which
Description A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0. It has been classified as critical.
Description OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0. References https://github.com/jgraph/drawio/commit/9d6532de36496e77d872d91b1947bb696607d623 https://huntr.dev/bounties/ce75aa04-e4d6-4e0a-9db0-ae84c46ae9e2 For More Information CVERecord
Description The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura
Description On Ubuntu kernels carrying both c914c0e27eb0 and “UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs”, an unprivileged user
What is called Credential in cyber security and its uses? In cybersecurity, credentials refer to the information used to authenticate
Description Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative
Description vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom