Month: October 2023

Directus denial of service | CVE-2023-45820

October 21, 2023

NAME__________Directus denial of servicePlatforms Affected:Directus Directus 10.4 Directus Directus 10.6.1Risk Level:5.9Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Directus is vulnerable to a denial of...

AI ChatBot plugin for WordPress cross-site request forgery | CVE-2023-5655

October 21, 2023

NAME__________AI ChatBot plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress AI ChatBot plugin for WordPress 4.9.2Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________AI ChatBot plugin...

VMware Workstation and Fusion information disclosure | CVE-2023-34044

October 21, 2023

NAME__________VMware Workstation and Fusion information disclosurePlatforms Affected:VMware Fusion 13 VMware Workstation 17Risk Level:7.1Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________VMware Workstation and Fusion could allow...

Order auto complete for WooCommerce Plugin for WordPress cross-site scripting | CVE-2023-45072

October 21, 2023

NAME__________Order auto complete for WooCommerce Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Order auto complete for WooCommerce Plugin for WordPress 1.2.0Risk...

Artifact Hub directory traversal | CVE-2023-45823

October 21, 2023

NAME__________Artifact Hub directory traversalPlatforms Affected:Artifact Hub Artifact Hub 1.15.0 Artifact Hub Artifact Hub 1.14.0 Artifact Hub Artifact Hub 1.13.0Risk Level:7.5Exploitability:UnprovenConsequences:Obtain...

JustSystems Ichitaro code execution | CVE-2023-35126

October 21, 2023

NAME__________JustSystems Ichitaro code executionPlatforms Affected:JustSystems Ichitaro 2023 1.0.1.59372Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________JustSystems Ichitaro could allow a remote attacker to execute arbitrary...

Form Maker by 10Web Plugin for WordPress cross-site scripting | CVE-2023-45071

October 21, 2023

NAME__________Form Maker by 10Web Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Form Maker by 10Web plugin for WordPress 1.15.19Risk Level:7.2Exploitability:HighConsequences:Cross-Site Scripting...

VMware Fusion privilege escalation | CVE-2023-34045

October 21, 2023

NAME__________VMware Fusion privilege escalationPlatforms Affected:VMware Fusion 13Risk Level:6.6Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________VMware Fusion could allow a local authenticated attacker to gain elevated...

AI ChatBot plugin for WordPress security bypass | CVE-2023-5656

October 21, 2023

NAME__________AI ChatBot plugin for WordPress security bypassPlatforms Affected:WordPress AI ChatBot plugin for WordPress 4.9.2Risk Level:5.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________AI ChatBot plugin for...

JustSystems Ichitaro code execution | CVE-2023-34366

October 21, 2023

Apache Santuario information disclosure | CVE-2023-44483

October 21, 2023

NAME__________Apache Santuario information disclosurePlatforms Affected:Apache Santuario 2.2.5 Apache Santuario 2.3.3 Apache Santuario 3.0.2Risk Level:6.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Apache Santuario could allow a...

Home Assistant cross-site scripting | CVE-2023-41896

October 21, 2023

NAME__________Home Assistant cross-site scriptingPlatforms Affected:Home Assistant Home Assistant 2023.8.4 Home Assistant Home Assistant 2023.8.3 Home Assistant Home Assistant 2023.8.2Risk Level:7.1Exploitability:HighConsequences:Cross-Site...

Home Assistant server-side request forgery | CVE-2023-41899

October 21, 2023

NAME__________Home Assistant server-side request forgeryPlatforms Affected:Home Assistant Home Assistant 2023.8.4 Home Assistant Home Assistant 2023.8.3 Home Assistant Home Assistant 2023.8.2Risk...

Wagtail information disclosure | CVE-2023-45809

October 21, 2023

NAME__________Wagtail information disclosurePlatforms Affected:Wagtail Wagtail 4.2 Wagtail Wagtail 4.1.8 Wagtail Wagtail 5.0.4 Wagtail Wagtail 5.1 Wagtail Wagtail 5.1.2Risk Level:2.7Exploitability:UnprovenConsequences:Obtain Information...

VMware Fusion privilege escalation | CVE-2023-34046

October 21, 2023

NAME__________VMware Fusion privilege escalationPlatforms Affected:VMware Fusion 13Risk Level:6.7Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________VMware Fusion could allow a local authenticated attacker to gain elevated...

JustSystems Ichitaro code execution | CVE-2023-38128

October 21, 2023

Artifact Hub information disclosure | CVE-2023-45822

October 21, 2023

NAME__________Artifact Hub information disclosurePlatforms Affected:Artifact Hub Artifact Hub 1.15.0 Artifact Hub Artifact Hub 1.14.0 Artifact Hub Artifact Hub 1.13.0Risk Level:3.7Exploitability:UnprovenConsequences:Obtain...

Home Assistant information disclosure | CVE-2023-41894

October 21, 2023

NAME__________Home Assistant information disclosurePlatforms Affected:Home Assistant Home Assistant 2023.8.4 Home Assistant Home Assistant 2023.8.3 Home Assistant Home Assistant 2023.8.2Risk Level:5.3Exploitability:UnprovenConsequences:Obtain...

Cisco IOS XE privilege escalation | CVE-2023-20273

October 21, 2023

NAME__________Cisco IOS XE privilege escalationPlatforms Affected:Cisco IOS XE SoftwareRisk Level:7.2Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Cisco IOS XE could allow a remote authenticated attacker...

Artifact Hub hijacking | CVE-2023-45821

October 21, 2023

NAME__________Artifact Hub hijackingPlatforms Affected:Artifact Hub Artifact Hub 1.15.0 Artifact Hub Artifact Hub 1.14.0 Artifact Hub Artifact Hub 1.13.0Risk Level:6.3Exploitability:UnprovenConsequences:Gain Access...

Daily Vulnerability Trends: Sat Oct 21 2023

October 21, 2023

Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2023-20198Cisco is aware of active exploitation of a previously unknown vulnerability in...

Fake Corsair job offers on LinkedIn push DarkGate malware

October 21, 2023

A threat actor is using fake LinkedIn posts and direct messages about a Facebook Ads specialist position at hardware maker Corsair...

Kwik Trip finally confirms cyberattack was behind ongoing outage

October 21, 2023

Two weeks into an ongoing IT outage, Kwik Trip finally confirmed that it's investigating a cyberattack impacting the convenience store...

Cisco discloses new IOS XE zero-day exploited to deploy malware implant

October 21, 2023

Cisco disclosed a new high-severity zero-day (CVE-2023-20273) today, actively exploited to deploy malicious implants on IOS XE devices compromised using...

Month: October 2023

Directus denial of service | CVE-2023-45820

AI ChatBot plugin for WordPress cross-site request forgery | CVE-2023-5655

VMware Workstation and Fusion information disclosure | CVE-2023-34044

Order auto complete for WooCommerce Plugin for WordPress cross-site scripting | CVE-2023-45072

Artifact Hub directory traversal | CVE-2023-45823

JustSystems Ichitaro code execution | CVE-2023-35126

Form Maker by 10Web Plugin for WordPress cross-site scripting | CVE-2023-45071

VMware Fusion privilege escalation | CVE-2023-34045

AI ChatBot plugin for WordPress security bypass | CVE-2023-5656

JustSystems Ichitaro code execution | CVE-2023-34366

Apache Santuario information disclosure | CVE-2023-44483

Home Assistant cross-site scripting | CVE-2023-41896

Home Assistant server-side request forgery | CVE-2023-41899

Wagtail information disclosure | CVE-2023-45809

VMware Fusion privilege escalation | CVE-2023-34046

JustSystems Ichitaro code execution | CVE-2023-38128

Artifact Hub information disclosure | CVE-2023-45822

Home Assistant information disclosure | CVE-2023-41894

Cisco IOS XE privilege escalation | CVE-2023-20273

Artifact Hub hijacking | CVE-2023-45821

Daily Vulnerability Trends: Sat Oct 21 2023

Fake Corsair job offers on LinkedIn push DarkGate malware

Kwik Trip finally confirms cyberattack was behind ongoing outage

Cisco discloses new IOS XE zero-day exploited to deploy malware implant

Advanced Email Attacks Target Manufacturing Sector: Rise of Phishing and BEC

Ransomware Groups Driving 40% of Cyber-Attacks in 2024: Key Insights

MITRE Reveals Top 25 Most Critical Software Flaws of 2024

Microsoft Disrupts Phishing Operations by Seizing 240 Fraudulent Websites

Black Friday Spam Emails: 77% Identified as Scams in 2024

You may have missed