Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Red Hat Security Advisory 2023-5850-01

Red Hat Security Advisory 2023-5850-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

Packet Storm
Open in Source
#vulnerability#web#linux#red_hat#ddos#dos#nodejs#js#java
Red Hat Security Advisory 2023-5849-01

Red Hat Security Advisory 2023-5849-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

CVE-2023-45379: [CVE-2023-45379] Improper neutralization of SQL parameter in Posthemes Rotator Img module for PrestaShop

In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection.

CVE-2023-45883: Enterprise Video Management - Qumu

A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM privileges. Standard users may use this to gain arbitrary code execution as SYSTEM.

CVE-2022-37830

Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS).

Hackers Exploit QR Codes with QRLJacking for Malware Distribution

By Deeba Ahmed Researchers report a surge in QR code-related cyberattacks exploiting phishing and malware distribution, especially QRLJacking and Quishing attacks. This is a post from HackRead.com Read the original post: Hackers Exploit QR Codes with QRLJacking for Malware Distribution

Vulnerability Scanning: How Often Should I Scan?

The time between a vulnerability being discovered and hackers exploiting it is narrower than ever – just 12 days. So it makes sense that organizations are starting to recognize the importance of not leaving long gaps between their scans, and the term "continuous vulnerability scanning" is becoming more popular. Hackers won’t wait for your next scan One-off scans can be a simple ‘one-and-done'

Microsoft Warns of North Korean Attacks Exploiting TeamCity Flaw

North Korean threat actors are actively exploiting a critical security flaw in JetBrains TeamCity to opportunistically breach vulnerable servers, according to Microsoft. The attacks, which entail the exploitation of CVE-2023-42793 (CVSS score: 9.8), have been attributed to Diamond Sleet (aka Labyrinth Chollima) and Onyx Sleet (aka Andariel or Silent Chollima). It's worth noting that both the

CVE-2023-46229: Add security note to recursive url loader (#11934) · langchain-ai/langchain@9ecb724

LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server.

Google TAG Detects State-Backed Threat Actors Exploiting WinRAR Flaw

A number of state-back threat actors from Russia and China have been observed exploiting a recent security flaw in the WinRAR archiver tool for Windows as part of their operations. The vulnerability in question is CVE-2023-38831 (CVSS score: 7.8), which allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The shortcoming has been actively