ISC Stormcast For Friday, July 25th, 2025 https://isc.sans.edu/podcastdetail/9542 – SANS Internet Storm Center
ISC Stormcast For Friday, July 25th, 2025 https://isc.sans.edu/podcastdetail/9542, (Fri, Jul 25th) Source link
Hacking
Read More
NVD – CVE-2023-5771
CVE-2023-5771 Detail Modified This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes. Description Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially…
NVD – CVE-2023-5530
CVE-2023-5530 Detail Modified This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes. Description The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which…
NVD – CVE-2023-5601
CVE-2023-5601 Detail Modified This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes. Description The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded,…
NVD – CVE-2023-5605
CVE-2023-5605 Detail Modified This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes. Current Description The URL Shortify WordPress plugin before 1.7.9.1 does not sanitise and escape some of its settings, which…
NVD – CVE-2023-45556
CVE-2023-45556 Detail Modified This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes. Description Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via…
NVD – CVE-2023-47004
CVE-2023-47004 Detail Modified This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes. Description Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute…
NVD – CVE-2023-36769
CVE-2023-36769 Detail Modified This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes. Description Microsoft OneNote Spoofing Vulnerability Metrics CVSS Version 4.0 CVSS Version 3.x CVSS Version 2.0 …
Fortifying Your Cloud Against Cross-Service Confused Deputy Attacks
Gartner predicts that worldwide end-user spending on public cloud services will exceed $720 billion in 2025, up from $595.7 billion in 2024. As cloud investments grow, so does reliance on cloud-native architectures, introducing new layers of complexity and risk. One often-overlooked but serious threat in these environments is the Cross-Service Confused Deputy Attack, which can…
NVD – CVE-2023-36409
CVE-2023-36409 Detail Modified This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes. Description Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Metrics CVSS Version 4.0 CVSS Version 3.x CVSS…