Tag
Google has revealed that a security flaw that was patched as part of a security update rolled out last week to its Chrome browser has come under active exploitation in the wild. Tracked as CVE-2024-7965, the vulnerability has been described as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine. "Inappropriate implementation in V8 in Google Chrome prior to
We came a cross a clever abuse of Google and Microsoft's services that fooled us for a minute. See if you could have spotted it.
### Impact When using the `Extract()` method of unzip-stream, malicious zip files were able to write to paths they shouldn't be allowed to. ### Patches Fixed in 0.3.2 ### References - https://snyk.io/research/zip-slip-vulnerability - https://github.com/mhr3/unzip-stream/compare/v0.3.1...v0.3.2 ### Credits Justin Taft from Google
This week on the Lock and Code podcast, we speak with Nitya Sharma about why AI is a far bigger concern than malware in staying safe.
Helpdeskz version 2.0.2 suffers from a persistent cross site scripting vulnerability.
SPIP version 4.2.11 suffers from a code execution vulnerability.
Loan Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant malicious actors unauthorized access to the devices. The vulnerability, tracked as CVE-2024-40766 (CVSS score: 9.3), has been described as an improper access control bug. "An improper access control vulnerability has been identified in the SonicWall SonicOS
Jobs Finder System version 1.0 suffers from a cross site scripting vulnerability.
Human Resource Management System version 2024 version 1.0 suffers from a cross site scripting vulnerability.