Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

CVE-2023-26147: Snyk Vulnerability Database | Snyk

All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when untrusted user input is used to build headers values. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content, like for example additional headers or new response body, leading to a potential XSS vulnerability.

CVE
Open in Source
#xss#vulnerability#intel#dell
CVE-2023-26148: Snyk Vulnerability Database | Snyk

All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user input is used to set request headers. An attacker can add the \r\n (carriage return line feeds) characters and inject additional headers in the request sent.

Malicious Ads Infiltrate Bing AI Chatbot in Malvertising Attack

By Waqas Is it really necessary to display advertisements within an AI chatbot? This is a post from HackRead.com Read the original post: Malicious Ads Infiltrate Bing AI Chatbot in Malvertising Attack

CVE-2023-4316: zod

Zod in version 3.22.2 allows an attacker to perform a denial of service while validating emails

Dark Web Pedophiles Using Open-Source AI to Generate CSAM

By Waqas This was revealed by the Internet Watch Foundation, a UK-based internet watchdog. This is a post from HackRead.com Read the original post: Dark Web Pedophiles Using Open-Source AI to Generate CSAM

The security pitfalls of social media sites offering ID-based authentication

Two notable vulnerabilities in Google Chrome should be patched asap, and an allegedly new ransomware-as-a-service group.

China's BlackTech Hacking Group Exploited Routers to Target U.S. and Japanese Companies

Cybersecurity agencies from Japan and the U.S. have warned of attacks mounted by a state-backed hacking group from China to stealthily tamper with branch routers and use them as jumping-off points to access the networks of various companies in the two countries. The attacks have been tied to a malicious cyber actor dubbed BlackTech by the U.S. National Security Agency (NSA), Federal Bureau of

China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies

Government and telecom entities have been subjected to a new wave of attacks by a China-linked threat actor tracked as Budworm using an updated malware toolset. The intrusions, targeting a Middle Eastern telecommunications organization and an Asian government, took place in August 2023, with the adversary deploying an improved version of its SysUpdate toolkit, the Symantec Threat Hunter Team,

CVE-2023-5233: Font Awesome Integration <= 5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Wordfence Intelligence

The Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'fawesome' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2023-5232: Font Awesome More Icons <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Wordfence Intelligence

The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'icon' shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.