Security
Headlines
HeadlinesLatestCVEs

Search

lenovo warranty check/lookup | check warranty status | lenovo support us

Found 10000 results in 57 ms.

CVE-2022-29414: Subscribe To Comments Reloaded

Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin <= 211130 on WordPress allows attackers to clean up Log archive, download system info file, plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update subscription, delete Subscription.

CVE
#sql#xss#csrf#vulnerability#web#google#nodejs#js#java#wordpress#php#perl#auth#ssl
Russian Radio Station Hacked to Broadcast Ukrainian National Anthem

By Waqas The Kommersant FM’s online bulletin was suddenly interrupted to play Ukraine’s anthem and anti-war songs by anti-war hackers… This is a post from HackRead.com Read the original post: Russian Radio Station Hacked to Broadcast Ukrainian National Anthem

CVE-2023-31903: OffSec’s Exploit Database Archive

GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file.

GuppY CMS 6.00.10 Shell Upload

GuppY CMS version 6.00.10 suffers from an authenticated remote shell upload vulnerability.

CVE-2023-37250: CERT/CC Vulnerability Note VU#287122

Unity Parsec before 8 has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in "Per User" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs.

CVE-2023-41103: CVE-2023-41103 - Excellium Services

Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in several locations, allowing an attacker to store a JavaScript payload.

CVE-2017-16877: Release 2.4.1 · vercel/next.js

ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.

London’s city transport hit by cybersecurity incident

Transport for London (TfL) is apparently fighting a cybersecurity incident but is rather sparing in providing details

A Fintech Horror Story: How One Company Prioritizes Cybersecurity

A password link that didn't expire leads to the discovery of exposed personal information at a payments service.

GHSA-h4rr-f37j-4hh7: Mattermost Incorrect Authorization vulnerability

Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to check the "Allow Users to View Archived Channels" configuration when fetching channel metadata of a post from archived channels, which allows authenticated users to access such information when a channel is archived.