Vumetric Cybersecurity Portal

Evasive Gelsemium hackers spotted in attack against Asian govt

2023-09-23 15:09

A stealthy advanced persistent threat tracked as Gelsemium was observed in attacks targeting a...

#attack #evasive #hacker

National Student Clearinghouse data breach impacts 890 schools

2023-09-23 14:04

U.S. educational nonprofit National Student Clearinghouse has disclosed a data breach affecting...

#breach #databreach

Air Canada discloses data breach of employee and 'certain records'

2023-09-23 11:16

Air Canada, the flag carrier and the largest airline of Canada, disclosed a cyber security...

#aircanada #breach #canada #databreach

Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics

2023-09-23 11:10

Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed...

#backdoor #malware

New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware

2023-09-23 06:12

The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an...

#apple #spyware #zeroday

Cisco to Acquire Splunk for $28 Billion, Accelerating AI-Enabled Security and Observability

2023-09-22 22:45

On Thursday Cisco agreed to buy Splunk in a $28 billion deal intended to address AI-enabled...

#AI #cisco #security

Friday Squid Blogging: New Squid Species

2023-09-22 21:09

New research on fossils has revealed that a vampire-like ancient squid haunted Earth's...

Vulnerabilities by Risk level (Last 12 months)

Risk level	Last 12 months	#
Critical		4189
High		9802
Medium		11270
Low		438

Vulnerabilities by Vendor (Last 12 months)

Vendor	Last 12 months	#
Google		1633
Microsoft		937
Apple		515
Fedoraproject		459
Debian		444

Latest Vulnerabilities

CVE-2023-4716
6.4

The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode in versions up to, and including, 3.10 due to insufficient input...

network

low complexity
CWE-79
CVE-2023-4774
6.4

The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' shortcode in versions up to, and including, 1.0.28 due to insufficient...

network

low complexity
CWE-79
CVE-2023-41614 - Cross-site Scripting vulnerability in ZOO Management System Project ZOO Management System 1.0
4.8

A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

network

low complexity
zoo-management-system-project CWE-79
CVE-2023-41616 - Cross-site Scripting vulnerability in Student Management System Project Student Management System 1.0
4.8

A reflected cross-site scripting (XSS) vulnerability in the Search Student function of Student Management System v1.2.3 and before allows attackers to execute arbitrary Javascript in the context...

network

low complexity
student-management-system-project CWE-79
CVE-2023-43274 - SQL Injection vulnerability in PHPjabbers PHP Shopping Cart 4.2
7.5

Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter.

network

low complexity
phpjabbers CWE-89

Latest Critical Vulnerabilities

CVE-2023-43235 - Out-of-bounds Write vulnerability in Dlink Dir-823G Firmware 1.0.2B05
9.8

D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and EndTime in SetWifiDownSettings.

network

low complexity
dlink CWE-787
critical
CVE-2023-43236 - Out-of-bounds Write vulnerability in Dlink Dir-816 A2 Firmware 1.10Cnb05
9.8

D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi.

network

low complexity
dlink CWE-787
critical
CVE-2023-43237 - Out-of-bounds Write vulnerability in Dlink Dir-816 A2 Firmware 1.10Cnb05
9.8

D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC.

network

low complexity
dlink CWE-787
critical
CVE-2023-43238 - Out-of-bounds Write vulnerability in Dlink Dir-816 A2 Firmware 1.10Cnb05
9.8

D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in form2Dhcpip.cgi.

network

low complexity
dlink CWE-787
critical
CVE-2023-43239 - Out-of-bounds Write vulnerability in Dlink Dir-816 A2 Firmware 1.10Cnb05
9.8

D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC.

network

low complexity
dlink CWE-787
critical
CVE-2023-43240 - Out-of-bounds Write vulnerability in Dlink Dir-816 A2 Firmware 1.10Cnb05
9.8

D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter.

network

low complexity
dlink CWE-787
critical
CVE-2023-43241 - Out-of-bounds Write vulnerability in Dlink Dir-823G Firmware 1.0.2B05
9.8

D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter TXPower and GuardInt in SetWLanRadioSecurity.

network

low complexity
dlink CWE-787
critical
CVE-2023-43242 - Out-of-bounds Write vulnerability in Dlink Dir-816A2 Firmware 1.10Cnb05
9.8

D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel.

network

low complexity
dlink CWE-787
critical