Month: August 2023

DedeCMS freelist_add.php cross-site scripting | CVE-2023-40876

August 29, 2023

NAME__________DedeCMS freelist_add.php cross-site scriptingPlatforms Affected:DedeCMS DedeCMS 5.7.110Risk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________DedeCMS is vulnerable to cross-site scripting, caused by improper validation of...

ZTE MF286R command execution | CVE-2023-25649

August 29, 2023

NAME__________ZTE MF286R command executionPlatforms Affected:ZTE MF286R CR_LVWRGBMF286RV1.0.0B04Risk Level:6.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________ZTE MF286R could allow a remote attacker to execute arbitrary commands...

DedeCMS vote_edit.php cross-site scripting | CVE-2023-40875

August 29, 2023

NAME__________DedeCMS vote_edit.php cross-site scriptingPlatforms Affected:DedeCMS DedeCMS 5.7.110Risk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________DedeCMS is vulnerable to cross-site scripting, caused by improper validation of...

FV Flowplayer Video Player Plugin for WordPress cross-site scripting | CVE-2023-4520

August 29, 2023

NAME__________FV Flowplayer Video Player Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress FV Flowplayer Video Player Plugin for WordPress 7.5.37.7212Risk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting...

DedeCMS freelist_edit.php cross-site scripting | CVE-2023-40877

August 29, 2023

NAME__________DedeCMS freelist_edit.php cross-site scriptingPlatforms Affected:DedeCMS DedeCMS 5.7.110Risk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________DedeCMS is vulnerable to cross-site scripting, caused by improper validation of...

CloudExplorer Lite information disclosure | CVE-2023-39519

August 29, 2023

NAME__________CloudExplorer Lite information disclosurePlatforms Affected:CloudExplorer Lite CloudExplorer Lite 1.3.1Risk Level:4.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________CloudExplorer Lite could allow a remote authenticated attacker to...

QNAP QTS and QuTS hero information disclosure | CVE-2023-34972

August 29, 2023

NAME__________QNAP QTS and QuTS hero information disclosurePlatforms Affected:QNAP QTS 5.0.1 QNAP QuTS hero h5.1.0 QNAP QTS 5.1.0Risk Level:3.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________QNAP...

QNAP QTS and QuTS hero weak security | CVE-2023-34971

August 29, 2023

NAME__________QNAP QTS and QuTS hero weak securityPlatforms Affected:QNAP QTS 5.0.1 QNAP QuTS hero h5.1.0 QNAP QTS 5.1.0Risk Level:7.1Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________QNAP...

LaikeTui file upload | CVE-2023-4559

August 29, 2023

NAME__________LaikeTui file uploadPlatforms Affected:LaikeTui LaikeTuiRisk Level:6.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________LaikeTui could allow a remote authenticated attacker to upload arbitrary files, caused by...

JetBrains TeamCity cross-site scripting | CVE-2023-41249

August 29, 2023

NAME__________JetBrains TeamCity cross-site scriptingPlatforms Affected:JetBrains TeamCity 2018.2.1 JetBrains TeamCity 2018.2.2 JetBrains TeamCity 2019.1.1 JetBrains TeamCity 2018.2.4 JetBrains TeamCity 2023.05Risk Level:4.6Exploitability:UnprovenConsequences:Cross-Site...

JetBrains TeamCity cross-site scripting | CVE-2023-41250

August 29, 2023

BuddyForms Plugin for WordPress cross-site scripting | CVE-2023-25981

August 29, 2023

NAME__________BuddyForms Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress BuddyForms Plugin for WordPress 2.8.1Risk Level:6.5Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________BuddyForms Plugin for WordPress is vulnerable...

Saho ADM-100 and ADM-100FP security bypass | CVE-2023-38030

August 29, 2023

NAME__________Saho ADM-100 and ADM-100FP security bypassPlatforms Affected:Saho ADM-100 0.0.4.0 Saho ADM-100 0.0.4.3 Saho ADM-100 0.0.4.6 Saho ADM-100 0.0.4.8 Saho ADM-100...

video carousel slider with lightbox Plugin for WordPress cross-site scripting | CVE-2023-32797

August 29, 2023

NAME__________video carousel slider with lightbox Plugin for WordPress cross-site scriptingPlatforms Affected:I Thirteen Web Solution video carousel slider with lightbox plugin...

Phoenix Technologies Windows kernel driver security bypass | CVE-2023-35841

August 29, 2023

NAME__________Phoenix Technologies Windows kernel driver security bypassPlatforms Affected:Phoenix Technologies Windows kernel driverRisk Level:3.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Phoenix Technologies Windows kernel driver could...

JetBrains TeamCity cross-site scripting | CVE-2023-41248

August 29, 2023

D-Link DAP-2622 routers security bypass |

August 29, 2023

NAME__________D-Link DAP-2622 routers security bypassPlatforms Affected:D-Link DAP-2622Risk Level:5.4Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________D-Link DAP-2622 routers could allow a remote attacker to bypass security...

D-Link DAP-2622 information disclosure | CVE-2023-35750

August 29, 2023

NAME__________D-Link DAP-2622 information disclosurePlatforms Affected:D-Link DAP-2622Risk Level:7.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________D-Link DAP-2622 could allow a remote attacker to obtain sensitive information, caused...

Month: August 2023

DedeCMS freelist_add.php cross-site scripting | CVE-2023-40876

ZTE MF286R command execution | CVE-2023-25649

DedeCMS vote_edit.php cross-site scripting | CVE-2023-40875

FV Flowplayer Video Player Plugin for WordPress cross-site scripting | CVE-2023-4520

DedeCMS freelist_edit.php cross-site scripting | CVE-2023-40877

CloudExplorer Lite information disclosure | CVE-2023-39519

QNAP QTS and QuTS hero information disclosure | CVE-2023-34972

QNAP QTS and QuTS hero weak security | CVE-2023-34971

LaikeTui file upload | CVE-2023-4559

JetBrains TeamCity cross-site scripting | CVE-2023-41249

JetBrains TeamCity cross-site scripting | CVE-2023-41250

BuddyForms Plugin for WordPress cross-site scripting | CVE-2023-25981

Saho ADM-100 and ADM-100FP security bypass | CVE-2023-38030

video carousel slider with lightbox Plugin for WordPress cross-site scripting | CVE-2023-32797

Phoenix Technologies Windows kernel driver security bypass | CVE-2023-35841

JetBrains TeamCity cross-site scripting | CVE-2023-41248

D-Link DAP-2622 routers security bypass |

D-Link DAP-2622 information disclosure | CVE-2023-35750

NOESCAPE Ransomware Victim: QI Holdings Ltd[.]

NOESCAPE Ransomware Victim: Iina Ba Inc

Four common password mistakes hackers love to exploit

Mom’s Meals discloses data breach impacting 1.2 million people

MalDoc in PDFs: Hiding malicious Word docs in PDF files

Attacks on Citrix NetScaler systems linked to ransomware actor

[INCRANSOM] – Ransomware Victim: United Bakery Equipment

[ARCUSMEDIA] – Ransomware Victim: Symantric IT

[ARCUSMEDIA] – Ransomware Victim: MGEMAL

HackerOne Bug Bounty Disclosure: dom-based-cookie-bomb-in-acronis-com-via-x-clickref-get-parameter-mr-medi

HackerOne Bug Bounty Disclosure: external-storage-global-credentials-returned-to-the-client-side-in-plaintext-tuyenee

You may have missed