Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2023-36887

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE
Open in Source
#vulnerability#microsoft#rce#chrome
CVE-2023-36888

Microsoft Edge for Android (Chromium-based) Tampering Vulnerability

CVE-2023-38286: GitHub - p1n93r/SpringBootAdmin-thymeleaf-SSTI: SpringBootAdmin-thymeleaf-SSTI which can cause RCE

Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.

Fake THREADS App Climbs to Number 1 Spot on Apple Store in Europe

By Habiba Rashid Due to privacy concerns, Meta has not yet released the Threads app in EU countries, creating a loophole for criminals to upload fake versions of the app. This is a post from HackRead.com Read the original post: Fake THREADS App Climbs to Number 1 Spot on Apple Store in Europe

CVE-2023-37745: Maid Hiring Management System | Maid Hiring Management Project in PHP

A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Description of the /admin/aboutus.php component.

CVE-2023-37743: Teacher Subject Allocation Management System in PHP | Teacher Subject Allocation Management Project

A cross-site scripting (XSS) vulnerability in Teacher Subject Allocation System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search text box.

Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware

In a sign that cybersecurity researchers continue to be under the radar of malicious actors, a proof-of-concept (PoC) has been discovered on GitHub, concealing a backdoor with a "crafty" persistence method. "In this instance, the PoC is a wolf in sheep's clothing, harboring malicious intent under the guise of a harmless learning tool," Uptycs researchers Nischay Hegde and Siddartha Malladi said.

CVE-2023-36887: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker must send the user a malicious file and convince them to open it.

CVE-2023-36888: Microsoft Edge for Android (Chromium-based) Tampering Vulnerability

**According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability?** The performance can be interrupted and/or reduced, but the attacker cannot fully deny service.

CVE-2023-36888: Microsoft Edge for Android (Chromium-based) Tampering Vulnerability

**According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability?** The performance can be interrupted and/or reduced, but the attacker cannot fully deny service.