Security
Headlines
HeadlinesLatestCVEs

Tag

#web

GHSA-8vj9-5v5q-fhch: Bonita cross-site scripting vulnerability

Bonita before 10.1.0.W11 allows stored XSS via a UI screen in the administration panel.

ghsa
Open in Source
#xss#vulnerability#web#git#java#maven
You Should Update Apple iOS and Google Chrome ASAP

Plus: Microsoft patches over 60 vulnerabilities, Mozilla fixes two Firefox zero-day bugs, Google patches 40 issues in Android, and more.

Yogurt Heist Reveals a Rampant Form of Online Fraud

Plus: “MFA bombing” attacks target Apple users, Israel deploys face recognition tech on Gazans, AI gets trained to spot tent encampments, and OSINT investigators find fugitive Amond Bundy.

Blockchain in Identity Management: Securing Personal Data and Identities

By Uzair Amir Learn how blockchain is transforming digital identity management by empowering individuals with self-sovereign control over personal data through… This is a post from HackRead.com Read the original post: Blockchain in Identity Management: Securing Personal Data and Identities

Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware

Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware, including Atomic Stealer, targeting Apple macOS users. The ongoing infostealer attacks targeting macOS users may have adopted different methods to compromise victims' Macs, but operate with the end goal of stealing sensitive data, Jamf Threat Labs said in a report published Friday. One

TheMoon Malware Returns: 6,000 Asus Routers Hacked in 72 Hours

By Waqas A new variant of "TheMoon Malware" has emerged, specifically targeting vulnerable IoT devices, particularly Asus routers. This is a post from HackRead.com Read the original post: TheMoon Malware Returns: 6,000 Asus Routers Hacked in 72 Hours

GHSA-w387-5qqw-7g8m: Content-Security-Policy header generation in middleware could be compromised by malicious injections

### Impact When the following conditions are met: - Automated CSP headers generation for SSR content is enabled - The web application serves content that can be partially controlled by external users Then it is possible that the CSP headers generation feature might be "allow-listing" malicious injected resources like inlined JS, or references to external malicious scripts. ### Patches Available in version 1.3.0 . ### Workarounds - Do not enable CSP headers generation. - Use it only for dynamically generated content that cannot be controlled by external users in any way. ### References _Are there any links users can visit to find out more?_

GHSA-73v2-rxqp-7q4f: aliyundrive-webdav vulnerable to Command Injection

An issue in aliyundrive-webdav v.2.3.3 and before allows a remote attacker to execute arbitrary code via a crafted payload to the sid parameter in the `action_query_qrcode` component.

Soholaunch 4.9.4 r44 Shell Upload

Soholaunch version 4.9.4 r44 suffers from a remote shell upload vulnerability.

Intel PowerGadget 3.6 Local Privilege Escalation

Intel PowerGadget version 3.6 suffers from a local privilege escalation vulnerability.