#web

Scans showed that 91,000 devices are exposed and at risk for unauthorized access and TV set takeover.

If only Patch Tuesdays came around infrequently -- like total solar eclipse rare -- instead of just creeping up on us each month like The Man in the Moon. Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month's patch batch -- a record 147 flaws in Windows and related software.

Threat actors once again target system administrators via their favorite tools. Learn more about their TTPs and use the IOCs provide to investigate.

### Impact It is possible to inject insert tags via the form generator if the submitted form data is output on the page in a specific way. ### Patches Update to Contao 4.13.40 or 5.3.4. ### Workarounds Do not output the submitted form data on the website. ### References https://contao.org/en/security-advisories/insert-tag-injection-via-the-form-generator ### For more information If you have any questions or comments about this advisory, open an issue in [contao/contao](https://github.com/contao/contao/issues/new/choose).

As more electric vehicles are sold, the risk to compromised charging stations looms large alongside the potential for major cybersecurity exploits.

By Owais Sultan WordPress, a widely used content management system, owes a great deal of its flexibility to plugins. These small… This is a post from HackRead.com Read the original post: The Essential Tools and Plugins for WordPress Development

By Uzair Amir 0G Labs is pleased to unveil the launch of the testnet for 0G, the modular ultra-high data throughput… This is a post from HackRead.com Read the original post: 0G Launches Newton Testnet of Ultra-Scalable Modular AI Blockchain

The company is asking users to retire several network-attached storage (NAS) models to avoid compromise through a publicly available exploit that results in backdooring.

### Impact "gin-vue-admin<=v2.6.1 has a code injection vulnerability in the backend. In the Plugin System -> Plugin Template feature, an attacker can perform directory traversal by manipulating the 'plugName' parameter. They can create specific folders such as 'api', 'config', 'global', 'model', 'router', 'service', and 'main.go' function within the specified traversal directory. Moreover, the Go files within these folders can have arbitrary code inserted based on a specific PoC parameter." Affected code: https://github.com/flipped-aurora/gin-vue-admin/blob/746af378990ebf3367f8bb3d4e9684936df152e7/server/api/v1/system/sys_auto_code.go:239. Let's take a look at the method 'AutoPlug' within the 'AutoCodeApi' struct. ```go func (autoApi *AutoCodeApi) AutoPlug(c *gin.Context) { var a system.AutoPlugReq err := c.ShouldBindJSON(&a) if err != nil { response.FailWithMessage(err.Error(), c) return } a.Snake = strings.ToLower(a.PlugName) a.NeedModel = a.HasRequest || a.HasResponse er...

It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Lonial Con discovered that the netfilter subsystem in the Linux kernel contained a memory leak when handling certain element flush operations. A local attacker could use this to expose sensitive information (kernel memory). Various other issues were also addressed.