Security
Headlines

Gasmark Pro 1.0 Shell Upload

Gasmark Pro version 1.0 suffers from a remote shell upload vulnerability.

Packet Storm
Nokia BMC Log Scanner 13 Command Injection

Nokia BMC Log Scanner version 13 suffers from a remote command injection vulnerability.

COTI Announces Upcoming V2 Airdrop Campaign Worth +10M USD

By Owais Sultan: Web3 infrastructure leader COTI is excited to announce a significant community rewards initiative, with the platform airdropping up…

Dark Web Tool Arms Ransomware Gangs: E-commerce & Aviation Industries Targeted

By Waqas: Cyber Warfare Takes Flight: Geopolitics Fuel Attacks on Airlines - Dark Web Tool Aims at E-commerce!

Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites

Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate information theft. "It uses an unorthodox HTML smuggling technique where the malicious payload is embedded in a separate JSON file hosted on an external website," Netskope Threat Labs

NIST NVD Halt Leaves Thousands of Vulnerabilities Untagged

By Deeba Ahmed: 40% of 2024 CVEs Missing Key Info: NVD Data Gap Raises Security Risks!

WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw

WordPress users of miniOrange's Malware Scanner and Web Application Firewall plugins are being urged to delete them from their websites following the discovery of a critical security flaw. The flaw, tracked as CVE-2024-2172, is rated 9.8 out of a maximum of 10 on the CVSS scoring system. It impacts the following versions of the two plugins - Malware Scanner (versions <= 4.7.2) Web

Automakers Are Telling Your Insurance Company How You Really Drive

Plus: The operator of a dark-web cryptocurrency “mixing” service is found guilty, and a US senator reveals that popular safes contain secret backdoors.

GHSA-5vcc-86wm-547q: Improper Privilege Management in djangorestframework-simplejwt

djangorestframework-simplejwt versions 5.3.1 and earlier are vulnerable to information disclosure: because the for_user method issues tokens without validating the user's account status, a user can keep accessing web application resources after their account has been disabled.
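The pattern behind this advisory, shown as an added stand-alone example rather than simplejwt's own code: a token factory that mints a signed token for whatever user object it is handed, beside a hardened factory that refuses disabled accounts, plus a per-request authentication check that re-reads `is_active`, since an account can be disabled after a token was legitimately issued. The `User` class, the HMAC-signed token format, the signing key and the in-memory user store are all constructed for the illustration and do not correspond to simplejwt's internals.

```python
import base64
import hashlib
import hmac
import json
import time
from dataclasses import dataclass

# Constructed signing key for the example only; never hard-code a real one.
SECRET = b"example-signing-key-not-for-production"


@dataclass
class User:
    id: int
    username: str
    is_active: bool = True


class InvalidToken(Exception):
    pass


class InactiveUser(Exception):
    pass


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(payload: dict) -> str:
    """Serialise payload and append an HMAC-SHA256 tag: <body>.<mac>."""
    body = _b64(json.dumps(payload, sort_keys=True).encode())
    mac = _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    return f"{body}.{mac}"


def verify(token: str) -> dict:
    """Check the tag and expiry; return the payload or raise InvalidToken."""
    try:
        body, mac = token.split(".")
    except ValueError:
        raise InvalidToken("malformed token")
    expected = _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(mac, expected):
        raise InvalidToken("bad signature")
    payload = json.loads(_unb64(body))
    if payload.get("exp", 0) < time.time():
        raise InvalidToken("expired")
    return payload


# Vulnerable pattern: mints a token for any user object, active or not.
def for_user_vulnerable(user: User, lifetime: int = 3600) -> str:
    return sign({"user_id": user.id, "exp": int(time.time()) + lifetime})


# Hardened: refuse to mint for a disabled account.
def for_user_hardened(user: User, lifetime: int = 3600) -> str:
    if not user.is_active:
        raise InactiveUser(f"user {user.id} is disabled")
    return for_user_vulnerable(user, lifetime)


# Vulnerable request-side lookup: trusts the signature alone.
def lookup_user_no_check(token: str, store: dict) -> User:
    payload = verify(token)
    user = store.get(payload["user_id"])
    if user is None:
        raise InvalidToken("unknown user")
    return user


# Hardened request-side check: a valid signature is necessary, not sufficient.
def authenticate(token: str, store: dict) -> User:
    user = lookup_user_no_check(token, store)
    if not user.is_active:
        raise InactiveUser(f"user {user.id} is disabled")
    return user


def demo() -> dict:
    """Issue a token, disable the account, then see what each path does."""
    store = {1: User(1, "alice")}
    token = for_user_vulnerable(store[1])
    store[1].is_active = False  # account disabled after issuance
    results = {"vulnerable_lookup_accepts": lookup_user_no_check(token, store).username == "alice"}
    try:
        authenticate(token, store)
        results["hardened_auth_accepts"] = True
    except InactiveUser:
        results["hardened_auth_accepts"] = False
    try:
        for_user_hardened(store[1])
        results["hardened_mint_accepts"] = True
    except InactiveUser:
        results["hardened_mint_accepts"] = False
    return results


if __name__ == "__main__":
    print(demo())
```

The issuance-time check closes the hole the advisory describes; the per-request check is what actually stops a token that was valid when minted from outliving the account it belongs to, and any deployment that customises token creation should keep both.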

GHSA-hgjh-9rj2-g67j: Spring Framework URL Parsing with Host Validation Vulnerability

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) and perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) or to an SSRF attack if the URL is used after passing those validation checks. This is the same issue as CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but triggered by different input.