Description
The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server.
Base Score: 9.8 CRITICAL
https://wpscan.com/vulnerability/4dc72cd2-81d7-4a66-86bd-c9cfaf690eed
CVE-2023-20025
Description
A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to bypass authentication on the affected device. This vulnerability is due to incorrect user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending crafted requests to the web-based […]
CVE-2023-21535
Description
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21548.
Base Score: 8.1 HIGH
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21535
__________________________________
CVE-2023-21532
Description
Windows GDI Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21552.
Base Score: 7.0 HIGH
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21532
___________________________________
CVE-2023-21531
Description
Azure Service Fabric Container Elevation of Privilege Vulnerability. Base […]
CVE-2022-46609
Description
Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and e772e0beee284c50946e94c54a1d43071ca78b74 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
Base Score: 9.8 CRITICAL
https://github.com/herry-zhang/Python3-RESTfulAPI/commit/1c2081dca357685b3180b9baeb7e761e9a10ca99
_______________________________
CVE-2022-44832
Description
D-Link DIR-3040 device with firmware 120B03 was discovered to contain a […]