Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

Jacuzzi customer details could be exposed by SmartTub web bugs, claims researcher

Iconic hot tub manufacturer addresses flaws that also apparently exposed numerous backend services

PortSwigger
#vulnerability#web#ios#android#java#auth#chrome
CVE-2022-33119: nuuo-xss/README.md at main · badboycxcc/nuuo-xss

NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php.

You can be tracked online using your Chrome browser extensions

We look at a new project which uses several techniques to determine which Chrome extensions are being used on a device. The post You can be tracked online using your Chrome browser extensions appeared first on Malwarebytes Labs.

Security vulnerabilities: 5 times that organizations got hacked

In this post, we break down 5 times hackers used security vulnerabilities in 2021 to attack governments and businesses. The post Security vulnerabilities: 5 times that organizations got hacked appeared first on Malwarebytes Labs.

A week in security (June 13 – June 19)

The most important and interesting computer security stories from the last week. The post A week in security (June 13 – June 19) appeared first on Malwarebytes Labs.

Chrome CVE-2022-1096 Incomplete Fix

Chrome suffers from having an incomplete fix for CVE-2022-1096.

Chrome WebGPUDecoderImpl::DoRequestDevice Missing Bounds Check

Chrome suffers from a missing bounds check in WebGPUDecoderImpl::DoRequestDevice.

CVE-2022-31876: uai-poc/unauth.md at main · jayus0821/uai-poc

netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users cookies.

CVE-2022-31875: uai-poc/xss1.md at main · jayus0821/uai-poc

Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an xss vulnerability via the proname parameter in /admin/scheprofile.cgi

CVE-2022-31874: uai-poc/command injection.md at main · jayus0821/uai-poc

ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface.