Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Savvy Seahorse Using Fake ChatGPT, Facebook Ads in DNS Investment Scam

By Deeba Ahmed The scammers creates fake investment platforms using popular companies like Tesla, Meta, and Imperial Oil and lures unsuspecting users into depositing funds. This is a post from HackRead.com Read the original post: Savvy Seahorse Using Fake ChatGPT, Facebook Ads in DNS Investment Scam

HackRead
Open in Source
#web#android#windows#git#sap
GHSA-q76r-7p4q-mqpw: Cockpit CMS Cross-Site Scripting vulnerability

A Cross-Site Scripting vulnerability in Cockpit CMS affecting version 2.7.0. This vulnerability could allow an authenticated user to upload an infected PDF file and store a malicious JavaScript payload to be executed when the file is uploaded.

Russia Attacked Ukraine's Power Grid at Least 66 Times to ‘Freeze It Into Submission’

Several of the strikes occurred far from the front lines of the conflict, indicating possible war crimes. Researchers say the attacks likely had devastating impacts on civilians.

GHSA-hwjf-4667-gqwx: Mattermost allows attackers access to posts in channels they are not a member of

Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of.

GHSA-vm9m-57jr-4pxh: Mattermost fails to limit the number of role names

Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request.

GHSA-3g35-v53r-gpxc: Mattermost race condition

A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts.

GHSA-6v6w-h8m6-7mv2: Apache Airflow: DAG Code and Import Error Permissions Ignored

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability

Facebook bug could have allowed attacker to take over accounts

A vulnerability, now fixed, in Facebook could have allowed an attacker to take over a Facebook account without the victim needing to click on anything at all.

GHSA-pfw6-5rx3-xh3c: Mattermost fails to check the "invite_guest" permission

Mattermost fails to check the "invite_guest" permission when inviting guests of other teams to a team, allowing a member with permissions to add other members but not to add guests to add a guest to a team as long as the guest was already a guest in another team of the server

GHSA-6mx3-9qfh-77gj: Mattermost denial of service through long emoji value

Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource consumption and possibly crashing the server.