Security Headlines
Tag: #git

Over a Dozen Malicious npm Packages Target Roblox Game Developers

More than a dozen malicious packages have been discovered on the npm package repository since the start of August 2023 with capabilities to deploy an open-source information stealer called Luna Token Grabber on systems belonging to Roblox developers. The ongoing campaign, first detected on August 1 by ReversingLabs, employs modules that masquerade as the legitimate package noblox.js, an API

The Hacker News
GHSA-93wx-j2qv-49fg: hCaptcha for EXT:form Broken Access Control vulnerability

An issue was discovered in the hcaptcha (aka hCaptcha for EXT:form) extension before 2.1.2 for TYPO3. It fails to check that the required captcha field is submitted in the form data, allowing a remote user to bypass the CAPTCHA check.

CVE-2023-41098: fix: [security] reflected xss on dashboard edit · MISP/MISP@09fb0cb

An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit.

The Role of Software Escrow in Mitigating Business Risks

By Owais Sultan. Software escrow is an important tool for managing software as a service (SaaS) and on-premise applications. It helps… This is a post from HackRead.com. Read the original post: The Role of Software Escrow in Mitigating Business Risks

Learning Management System: What is it and Why do you need it?

By Owais Sultan. More and more businesses see the value of investing in knowledge management software, which benefits both the organization… This is a post from HackRead.com. Read the original post: Learning Management System: What is it and Why do you need it?

GHSA-7gfq-f96f-g85j: langchain vulnerable to arbitrary code execution

An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file passed to the load_prompt parameter.

GHSA-gq5f-xv48-2365: Apache XML Graphics Batik Server-Side Request Forgery vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.

GHSA-2474-2566-3qxp: Apache Batik information disclosure vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as a parameter to a URL.

GHSA-5pv6-rprw-82wv: Horizon Web Dashboard Open Redirect vulnerability

Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 through 20.1.4 via the success_url parameter.

GHSA-65rp-cv85-263x: etcd denial of service vulnerability

Etcd v3.5.4 allows remote attackers to cause a denial of service via the function PageWriter.write in pagewriter.go.