Tag

#web

Researchers Unveil GuLoader Malware's Latest Anti-Analysis Techniques

Threat hunters have unmasked the latest tricks adopted by a malware strain called GuLoader in an effort to make analysis more challenging. "While GuLoader's core functionality hasn't changed drastically over the past few years, these constant updates in their obfuscation techniques make analyzing GuLoader a time-consuming and resource-intensive process," Elastic Security Labs

The Hacker News
CVE-2023-28874: Seafile Community Edition - Seafile Admin Manual

The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites.

CVE-2023-28873: usd-2022-0032 - usd HeroLab

An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor.

GHSA-mvc8-6ffp-jrx5: Authorization bypass in Quarkus

A flaw was found in Quarkus. When a request is received over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normally granted API permissions.

CVE-2023-6394: cve-details

A flaw was found in Quarkus. When a request is received over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normally granted API permissions.

CVE-2023-46494: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in @evershop/evershop - Cx8ecec391-2014 - DevHub

Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted request to the ProductGrid function in admin/productGrid/Grid.jsx.

CVE-2023-46499: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in @evershop/evershop - Cx0f8b38be-d5de - DevHub

Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via crafted scripts to the Admin Panel.

CVE-2023-46495: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in @evershop/evershop - Cxbc6d4599-c1bd - DevHub

Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter.

Microsoft Defender Anti-Malware PowerShell API Arbitrary Code Execution

Microsoft Defender API and PowerShell APIs suffer from an arbitrary code execution vulnerability due to a flaw in PowerShell, which does not properly handle user-provided input that contains a semicolon.

Meta’s Purple Llama wants to test safety risks in AI models

Meta's Project Llama aims to help developers filter out specific items that might cause their AI model to produce inappropriate content.