Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2022-31827: CVE_Request/MonstaFTP_v2_10_3_SSRF.md at master · zer0yu/CVE_Request

MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function performFetchRequest at HTTPFetcher.php.

CVE
#vulnerability#web#windows#apple#js#php#ssrf#auth#chrome#webkit
CVE-2022-31393: [Vuln] SSRF vulnerability in `index` Function of `PluginsController.php` File (2.2.5 version) · Issue #76 · Cherry-toto/jizhicms

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.

CVE-2022-22021: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

New Emotet Variant Stealing Users' Credit Card Information from Google Chrome

Image Source: Toptal The notorious Emotet malware has turned to deploy a new module designed to siphon credit card information stored in the Chrome web browser. The credit card stealer, which exclusively singles out Chrome, has the ability to exfiltrate the collected information to different remote command-and-control (C2) servers, according to enterprise security company Proofpoint, which

How a Saxophonist Tricked the KGB by Encrypting Secrets in Music

Using a custom encryption scheme within music notation, Merryl Goldberg and three other US musicians slipped information to Soviet performers and activists known as the Phantom Orchestra.

How a Saxophonist Tricked the KGB by Encrypting Secrets in Music

Using a custom encryption scheme within music notation, Merryl Goldberg and three other US musicians slipped information to Soviet performers and activists known as the Phantom Orchestra.

Talon Grasps Victory at a Jubilant RSAC Innovation Sandbox

Spirits were high at the return of the in-person contest, which kicked off by bringing last year's virtual event winner on stage.

CVE-2022-1997: Bypass filter - Stored XSS in Resources in rosariosis

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.

WWDC 2022: Apple showcases next-gen security tech at annual developer event

Passkeys, Safety Check, and Private Access Tokens demonstrated during week-long virtual conference