CVE-2023-28380 : INTEL AI HACKATHON SOFTWARE UP TO 2.0.0 UNCONTROLLED SEARCH PATH
Description Uncontrolled search path for the Intel(R) AI Hackathon software before version 2.0.0 may allow an unauthenticated user to potentially
CVE-2023-30691 : SAMSUNG SMART PHONE AUTHENTICATIONCONFIG IMPROPER AUTHENTICATION
Description Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1 allows local attacker to privilege escalation. References https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=08 For
CVE-2023-39213 : ZOOM DESKTOP CLIENT/VDI CLIENT UP TO 5.15.1 ON WINDOWS INJECTION
Description Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow
CVE-2023-37483 : SAP POWERDESIGNER 16.7 PROXY ACCESS CONTROL
Description SAP PowerDesigner – version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries
CVE-2023-4180 : SOURCECODESTER FREE HOSPITAL MANAGEMENT SYSTEM FOR SMALL PRACTICES /VM/LOGIN.PHP SQL INJECTION
Description A vulnerability classified as critical was found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by
CVE-2023-39346 : LINUXASMCALLGRAPH ZIP FILE UNRESTRICTED UPLOAD
Description LinuxASMCallGraph is software for drawing the call graph of the programming code. Linux ASMCallGraph before commit 20dba06bd1a3cf260612d4f21547c25002121cd5 allows attackers
CVE-2023-37498 : HCL UNICA PLATFORM GROUP REMOTE CODE EXECUTION
Description A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator.
What Is Broken User Authentication?
Broken user authentication is a security vulnerability that occurs when an application’s authentication mechanisms are not implemented correctly. This vulnerability
CVE-2023-26317 : XIAOMI ROUTER EXTERNAL INTERFACE COMMAND INJECTION
Description A vulnerability has been discovered in Xiaomi routers that could allow command injection through an external interface. This vulnerability
CVE-2023-3364 : GITLAB COMMUNITY EDITION/ENTERPRISE EDITION UP TO 16.2.1 PAYLOADS CE/EE PREVIEW_MARKDOWN RESOURCE CONSUMPTION
Description An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16.0.8, all versions starting
CVE-2023-36089 : D-LINK DIR-645 1.03 PHPCGI_MAIN IMPROPER AUTHENTICATION
Description ** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain
CVE-2023-36542 : APACHE NIFI UP TO 1.22.0 REMOTE RESOURCE CODE INJECTION
Description Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which
CVE-2023-3987 : SOURCECODESTER SIMPLE ONLINE MENS SALON MANAGEMENT SYSTEM 1.0 ID SQL INJECTION
Description A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0. It has been classified as critical.
CVE-2023-3974 : JGRAPH DRAWIO UP TO 21.3.X OS COMMAND INJECTION
Description OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0. References https://github.com/jgraph/drawio/commit/9d6532de36496e77d872d91b1947bb696607d623 https://huntr.dev/bounties/ce75aa04-e4d6-4e0a-9db0-ae84c46ae9e2 For More Information CVERecord
CVE-2023-32393 : APPLE IOS/IPADOS WEB CONTENT MEMORY CORRUPTION
Description The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura
CVE-2023-2640 : UBUNTU LINUX OVERLAYFS AUTHORIZATION
Description On Ubuntu kernels carrying both c914c0e27eb0 and “UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs”, an unprivileged user
What Is Credential Cracking And How Does It Work?
What is called Credential in cyber security and its uses? In cybersecurity, credentials refer to the information used to authenticate
CVE-2023-35078 : IVANTI ENDPOINT MANAGER MOBILE UP TO 11.10 IMPROPER AUTHENTICATION
Description Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative
CVE-2023-37903 : VM2 UP TO 3.9.19 CUSTOM INSPECTION OS COMMAND INJECTION
Description vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom
CVE-2023-35087 : ASUS RT-AX56U V2/RT-AC86U CM_PROCESSCHANGEDCONFIGMSG FORMAT STRING
Description It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking
CVE-2023-37292 : HGIGA ISHERLOCK PRIOR 4.5-174/5.5-174 OS COMMAND INJECTION
Description Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in HGiga iSherlock 4.5 (iSherlock-user
What Is Broken Object Level Authorization? How To Prevent Such Vulnerabilities?
Broken Object Level Authorization is a security vulnerability that allows an attacker to access and manipulate data or functionality that
What Is OWASP Automated Threat (OAT – 019) – Account Creation?
Account creation is an essential process in web application security, but it is also a target for automated attacks. One
What Is A Brute Force Attack? What Are The Measures To Prevent Brute-force Attacks?
A brute-force attack is a method of guessing a password or other authentication credential by trying multiple combinations until the