Security Headlines

Tag

#git

1 in 5 Youth Engage in Cybercrime, NCA Finds

By Waqas. One in five children aged 10-16 in the UK have engaged in online activities that violate the Computer Misuse Act, NCA has revealed. This is a post from HackRead.com.

HackRead
#linux #ddos #dos #git #auth
WonderCMS 4.3.2 Cross Site Scripting / Remote Code Execution

WonderCMS version 4.3.2 remote exploit that leverages cross site scripting to achieve remote code execution.

Exploring the Phenomenal Rise of Ethereum as a Digital Asset

By Uzair Amir. In this exploration, we delve into the multifaceted layers of Ethereum’s meteoric rise, dissecting the technological breakthroughs, the… This is a post from HackRead.com.

GHSA-4265-ccf5-phj5: Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file

Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.

GHSA-5jjq-8cvj-v6m9: Cross-site Scripting in Serenity

Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character.

Hackers Claim Data Breach at Staffing Giant Robert Half, Sell Sensitive Data

By Waqas. Deja vu at Robert Half? Notorious hackers claim responsibility as the staffing giant makes headlines for yet another alleged data breach in two years. This is a post from HackRead.com.

GHSA-7f2v-5877-rx3x: Code injection in REDAXO

An issue discovered in REDAXO version 5.15.1 allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php.

GHSA-8hp3-rmr7-xh88: Open Redirect in github.com/greenpau/caddy-security

All versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirect_url parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a convincing URL with this parameter. To exploit this vulnerability, the user must take an action, such as clicking on a portal button or using the browser’s back button, to trigger the redirection.

GHSA-vfph-hjfv-cpv2: Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security

All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via two-factor authentication (2FA). Although the application blocks the user after several failed attempts to provide 2FA codes, attackers can bypass this blocking mechanism by automating the application’s full multistep 2FA process.

GHSA-r969-783f-6jqr: Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security

All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol. Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS.