Security
Headlines
HeadlinesLatestCVEs

Tag

#git

TDECU data breach affects half a million people

The Texas Dow Employees Credit Union (TDECU) has disclosed a data breach of 500,474 people, related to the MOVEit vulnerability.

Malwarebytes
#vulnerability#web#git#auth
PSA: These ‘Microsoft Support’ ploys may just fool you

We came a cross a clever abuse of Google and Microsoft's services that fooled us for a minute. See if you could have spotted it.

GHSA-22xm-w7r2-834q: FastAPI Admin cross-site scripting (XSS) vulnerability in the Create Product function

A cross-site scripting (XSS) vulnerability in the Create Product function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter.

GHSA-grqx-r2q2-j425: FastAPI Admin Cross-site Scripting vulnerability in the Config-Create function

A cross-site scripting (XSS) vulnerability in the Config-Create function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter.

GHSA-6jrj-vc65-c983: unzip-stream allows Arbitrary File Write via artifact extraction

### Impact When using the `Extract()` method of unzip-stream, malicious zip files were able to write to paths they shouldn't be allowed to. ### Patches Fixed in 0.3.2 ### References - https://snyk.io/research/zip-slip-vulnerability - https://github.com/mhr3/unzip-stream/compare/v0.3.1...v0.3.2 ### Credits Justin Taft from Google

Invesalius 3.1 Remote Code Execution

Invesalius versions 3.1.99991 through 3.1.99998 suffer from a remote code execution vulnerability. The exploitation steps of this vulnerability involve the use of a specifically crafted DICOM file which, once imported inside the victim's client application, allows an attacker to gain remote code execution.

Move over malware: Why one teen is more worried about AI (re-air) (Lock and Code S05E18)

This week on the Lock and Code podcast, we speak with Nitya Sharma about why AI is a far bigger concern than malware in staying safe.

Calibre Web 0.6.21 Cross Site Scripting

Calibre Web version 0.6.21 suffers from a persistent cross site scripting vulnerability.

Helpdeskz 2.0.2 Cross Site Scripting

Helpdeskz version 2.0.2 suffers from a persistent cross site scripting vulnerability.