Security Headlines: Latest CVEs (tag: #git)
GHSA-gjjr-63x4-v8cq: langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method

langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain in the python exec method.

CVE-2023-44812: GitHub - ahrixia/CVE-2023-44812: mooSocial v3.1.8 is vulnerable to cross-site scripting on Admin redirect function.

Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the admin_redirect_url parameter of the user login function.

CVE-2023-44813: GitHub - ahrixia/CVE-2023-44813: mooSocial v3.1.8 is vulnerable to cross-site scripting on Invite Friend function.

Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function.

CVE-2023-43271: vuln/70mai_a500s_backdoor.md at master · Question-h/vuln

Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete the video files of the driving recorder through ftp and other protocols.

Phishers Spoof USPS, 12 Other Natl’ Postal Services

Recent weeks have seen a sizable uptick in the number of phishing scams targeting U.S. Postal Service (USPS) customers. Here's a look at an extensive SMS phishing operation that tries to steal personal and financial data by spoofing the USPS, as well as postal services in at least a dozen other countries worldwide.

CVE-2023-44811: GitHub - ahrixia/CVE-2023-44811: mooSocial v3.1.8 is vulnerable to Cross Site Request Forgery (CSRF) which allows attacker to change admin password.

Cross Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the admin Password Change Function.

CVE-2023-44400: Admin (portal user) Audit Logs and Activities · Issue #3481 · louislam/uptime-kuma

Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user's device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity periods. Version 1.23.3 has a patch for the issue.

PEACHPIT: Massive Ad Fraud Botnet Powered by Millions of Hacked Android and iOS

An ad fraud botnet dubbed PEACHPIT leveraged an army of hundreds of thousands of Android and iOS devices to generate illicit profits for the threat actors behind the scheme. The botnet is part of a larger China-based operation codenamed BADBOX, which also entails selling off-brand mobile and connected TV (CTV) devices on popular online retailers and resale sites that are backdoored with an

Hackers Send Fake Rocket Alerts to Israelis via Hacked Red Alert App

By Waqas. The Red Alert App is available on iOS; however, its Android version has been removed for unknown reasons. This is a post from HackRead.com. Read the original post: Hackers Send Fake Rocket Alerts to Israelis via Hacked Red Alert App

The Israel-Hamas War Is Drowning X in Disinformation

People who have turned to X for breaking news about the Israel-Hamas conflict are being hit with old videos, fake photos, and video game footage at a level researchers have never seen.