CVE-2023-20887 was discovered in VMware Aria Operations with a CVSS score of 9.8, which leads to VMware Aria.
CloudSEK’s researchers identified that multiple applications do not invalidate or revalidate session cookies if app data is transferred from one device to another.
Hackers Can Target Mailchimp Users By Exploiting a Dependency Confusion Bug
Popular payment gateway provider flaw: Transactions with same OTP
CVE-2023-42027: IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVE-2023-43792 is a code injection vulnerability in the mail form of baserCMS versions 4.6.0 to 4.7.6. This vulnerability allows an attacker to inject arbitrary code into the baserCMS application, which could then be executed by other users of the application.
CVE-2023-4197: Improper input validation in Dolibarr ERP CRM v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.
CloudSEK’s Threat Intelligence Team uncovered a campaign, active for the past 1.8 years, that attacks and brute-forces SSH.
A hacker known as Tanaka has exposed over 320,000 patient records from ayush.jharkhand.gov.in, detailing personal and medical information. The 7.3 MB database leak includes sensitive data from the AYUSH ministry's site.