Tag
#git
The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation (EV) code signing certificates. "This suggests that the threat actors are streamlining operations by making their techniques multipurpose," Trend Micro researchers said in a new analysis published this
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0.
Code Injection in GitHub repository librenms/librenms prior to 23.9.0.
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0.
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0.
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0.
Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability.
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.