Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2022-45543: Vulnerability - Discuz X3.4 Backend Reflected XSS (CVE-2022-45543)

Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search.

CVE
Open in Source
#xss#vulnerability#web#mac#apple#git#java#intel#php#auth#chrome#webkit
Update Now: iOS Devices Receive Vital Security Updates from Apple

By Deeba Ahmed If you are using an Apple product, it is time to update it right now and make sure the automatic updates are enabled. This is a post from HackRead.com Read the original post: Update Now: iOS Devices Receive Vital Security Updates from Apple

Google Rolling Out Privacy Sandbox Beta on Android 13 Devices

Google announced on Tuesday that it's officially rolling out Privacy Sandbox on Android in beta to eligible mobile devices running Android 13. "The Privacy Sandbox Beta provides new APIs that are designed with privacy at the core, and don't use identifiers that can track your activity across apps and websites," the search and advertising giant said. "Apps that choose to participate in the Beta

Update Now: Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities

Microsoft on Tuesday released security updates to address 75 flaws spanning its product portfolio, three of which have come under active exploitation in the wild. The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based Edge browser over the past month. Of the 75 vulnerabilities, nine are rated Critical and 66 are rated Important in severity. 37 out of 75 bugs are

CVE-2023-21720

Microsoft Edge (Chromium-based) Tampering Vulnerability

CVE-2023-23374

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE-2023-21794

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2023-25725: The Reliable, High Performance TCP/HTTP Load Balancer

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.

Password manager security: Which is the right option for me?

The first guide of our two-part series helps consumers choose the best way to manage their login credentials