Security
Headlines
HeadlinesLatestCVEs

Tag

#google

Italia Mediasky CMS 2.0 Cross Site Request Forgery

Italia Mediasky CMS version 2.0 suffers from a cross site request forgery vulnerability.

Packet Storm
Open in Source
#csrf#vulnerability#web#windows#google#js#java#php#auth#firefox
Chrome Read-Only Property Overwrite

Chrome suffers from a read-only property overwrite in TurboFan.

Google Agrees to $93 Million Settlement in California's Location-Privacy Lawsuit

Google has agreed to pay $93 million to settle a lawsuit filed by the U.S. state of California over allegations that the company's location-privacy practices misled consumers and violated consumer protection laws. "Our investigation revealed that Google was telling its users one thing – that it would no longer track their location once they opted out – but doing the opposite and continuing to

Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads

The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation (EV) code signing certificates. "This suggests that the threat actors are streamlining operations by making their techniques multipurpose," Trend Micro researchers said in a new analysis published this

CVE-2023-40982: Webmin

A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.

CVE-2023-41592: OWASP Top Ten | OWASP Foundation

Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability.

Hackers Claiming to Jailbreak AI Chatbots to Write Phishing Emails

By Deeba Ahmed Cybercriminals on multiple hacker forums claim to jailbreak AI chatbots to write malicious content, including phishing emails, a new report from SlashNext has revealed. This is a post from HackRead.com Read the original post: Hackers Claiming to Jailbreak AI Chatbots to Write Phishing Emails

GHSA-gw5p-q8mj-p7gh: Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64

### Impact Wasmtime versions from 10.0.0 to 12.0.1 contain a miscompilation of the WebAssembly `i64x2.shr_s` instruction on x86_64 platforms when the shift amount is a constant value that is larger than 32. Only x86_64 is affected so all other targets are not affected by this. The miscompilation results in the instruction producing an incorrect result, namely the low 32-bits of the second lane of the vector are derived from the low 32-bits of the second lane of the input vector instead of the high 32-bits. The primary impact of this issue is that any WebAssembly program using the `i64x2.shr_s` with a constant shift amount larger than 32 may produce an incorrect result. This issue is not an escape from the WebAssembly sandbox. Execution of WebAssembly guest programs will still behave correctly with respect to memory sandboxing and isolation from the host. Wasmtime considers non-spec-compliant behavior as a security issue nonetheless. This issue was discovered through fuzzing of Wasmt...

iSmile Soft CMS 0.3.0 Add Administrator

iSmile Soft CMS version 0.3.0 suffers from an add administrator vulnerability.

islamnt CMS 2.1.0 Add Administrator

islamnt CMS version 2.1.0 suffers from an add administrator vulnerability.