Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Red Hat Security Advisory 2023-6220-01

Red Hat Security Advisory 2023-6220-01 - An update is now available for Red Hat OpenShift GitOps 1.10.

Packet Storm
Open in Source
#vulnerability#red_hat#js#git
CVE-2023-48068: cms/dedevCMS/dedeCMS_XSS.md at dreamcms_vul · CP1379767017/cms

DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php.

CVE-2023-48063: cms/There is a CSRF vulnerability at th menu management location.md at dreamcms_vul · CP1379767017/cms

An issue was discovered in dreamer_cms 4.1.3. There is a CSRF vulnerability that can delete a theme project via /admin/category/delete.

CVE-2023-48060: cms/CSRF exists at the location where task management adds tasks.md at main · CP1379767017/cms

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add

CVE-2023-48058: cms/CSRF exists at the task management execution task location.md at main · CP1379767017/cms

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run

Top 5 Marketing Tech SaaS Security Challenges

Effective marketing operations today are driven by the use of Software-as-a-Service (SaaS) applications. Marketing apps such as Salesforce, Hubspot, Outreach, Asana, Monday, and Box empower marketing teams, agencies, freelancers, and subject matter experts to collaborate seamlessly on campaigns and marketing initiatives.  These apps serve as the digital command centers for marketing

Chinese Hackers Launch Covert Espionage Attacks on 24 Cambodian Organizations

Cybersecurity researchers have discovered what they say is malicious cyber activity orchestrated by two prominent Chinese nation-state hacking groups targeting 24 Cambodian government organizations. "This activity is believed to be part of a long-term espionage campaign," Palo Alto Networks Unit 42 researchers said in a report last week. "The observed activity aligns with geopolitical goals of

Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities

Malaysian law enforcement authorities have announced the takedown of a phishing-as-a-service (PhaaS) operation called BulletProofLink. The Royal Malaysian Police said the effort, which was carried out with assistance from the Australian Federal Police (AFP) and the U.S. Federal Bureau of Investigation (FBI) on November 6, 2023, was based on information that the threat actors behind the platform

CVE-2023-47516: WordPress Category Post List Widget plugin <= 2.0 - CSRF to Cross Site Scripting (XSS) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Stark Digital Category Post List Widget allows Stored XSS.This issue affects Category Post List Widget: from n/a through 2.0.

GHSA-gw7g-qr8w-3448: Remarshal expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack

Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition.