Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

CVE-2023-46819: The Apache OFBiz® Project - Downloads

Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin. This issue affects Apache OFBiz: before 18.12.09.  Users are recommended to upgrade to version 18.12.09

CVE
Open in Source
#csrf#vulnerability#apache#auth#jira
What a Bloody San Francisco Street Brawl Tells Us About the Age of Citizen Surveillance

When a homeless man attacked a former city official, footage of the onslaught became a rallying cry. Then came another video, and another—and the story turned inside out.

Okta breach happened after employee logged into personal Google account

Okta has concluded that the root cause of its breach was an employee storing company credentials in a private Google account.

Offensive and Defensive AI: Let’s Chat(GPT) About It

ChatGPT: Productivity tool, great for writing poems, and… a security risk?! In this article, we show how threat actors can exploit ChatGPT, but also how defenders can use it for leveling up their game. ChatGPT is the most swiftly growing consumer application to date. The extremely popular generative AI chatbot has the ability to generate human-like, coherent and contextually relevant responses.

CVE-2023-47510: WordPress WPDBSpringClean plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPSolutions-HQ WPDBSpringClean plugin <= 1.6 versions.

CVE-2023-5076: Ziteboard Online Whiteboard <= 2.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via ziteboard Shortcode — Wordfence Intelligence

The Ziteboard Online Whiteboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ziteboard' shortcode in versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2023-43885: Tenda RX9 PRO - Stack Overflow Vulnerability + DoS | CVE-2023-43886 and CVE-2023-43885

Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device.

Experts Warn of Ransomware Hackers Exploiting Atlassian and Apache Flaws

Multiple ransomware groups have begun to actively exploit recently disclosed flaws in Atlassian Confluence and Apache ActiveMQ. Cybersecurity firm Rapid7 said it observed the exploitation of CVE-2023-22518 and CVE-2023-22515 in multiple customer environments, some of which have been leveraged for the deployment of Cerber (aka C3RB3R) ransomware. Both vulnerabilities are critical, allowing threat

Intensified Israeli Surveillance Has Put the West Bank on Lockdown

The West Bank was Israel’s surveillance laboratory. Since the Israel-Hamas war began, Palestinian residents have been locked in for days at a time.

CVE-2023-46998: Document or fix possible XSS vulnerability (via jquery) · Issue #661 · bootboxjs/bootbox

Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions.