Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

JobSeeker CMS 1.5 Insecure Settings

JobSeeker CMS version 1.5 suffers from an ignored default credential vulnerability.

Packet Storm
#vulnerability#windows#google#php#auth#firefox
Hotel Management System 1.0 Cross Site Request Forgery

Hotel Management System version 1.0 suffers from a cross site request forgery vulnerability.

Accounting Journal Management System 1.0 Cross Site Request Forgery

Accounting Journal Management System version 1.0 suffers from a cross site request forgery vulnerability.

How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions

An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft's applications to gain their entitlements and user-granted permissions.

The Pentagon Is Planning a Drone ‘Hellscape’ to Defend Taiwan

The US Defense Department’s grand strategy for protecting Taiwan from a massive Chinese military offensive involves flooding the zone with thousands of drones.

Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group

A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor affiliated with North Korea. The security vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), has been described as a privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock. "An attacker who successfully exploited this

GHSA-hxwh-jpp2-84pm: Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.