Security
Headlines
HeadlinesLatestCVEs

Tag

#web

GHSA-j2v2-3784-vr44: Duplicate Advisory: openCart Server-Side Template Injection (SSTI) vulnerability

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xrh7-2gfq-4rcq. This link is maintained to preserve external references. ## Original Description OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function.

ghsa
Open in Source
#vulnerability#web#git
Recorded Future: Russia's 'Undesirable' Designation Is a Compliment

The threat intelligence business, which is set to be acquired by Mastercard for billions, is officially vendor non grata in Putin's regime.

FBI Warns of HiatusRAT Malware Targeting Webcams and DVRs

KEY SUMMARY POINTS The FBI has issued a Private Industry Notification (PIN) to highlight new malware campaigns targeting…

FBI Warns of HiatusRAT Malware Targeting Webcams and DVRs

KEY SUMMARY POINTS The FBI has issued a Private Industry Notification (PIN) to highlight new malware campaigns targeting…

Maximizing Productivity with Online Document Solutions

Many professionals juggle multiple document formats, leading to confusion and wasted time. Imagine a streamlined process that simplifies…

GHSA-4fg7-vxc8-qx5w: rage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution

A plugin name containing a path separator may allow an attacker to execute an arbitrary binary. Such a plugin name can be provided to the `rage` CLI through an attacker-controlled recipient or identity string, or to the following `age` APIs when the `plugin` feature flag is enabled: - [`age::plugin::Identity::from_str`](https://docs.rs/age/0.11.0/age/plugin/struct.Identity.html#impl-FromStr-for-Identity) (or equivalently [`str::parse::<age::plugin::Identity>()`](https://doc.rust-lang.org/stable/core/primitive.str.html#method.parse)) - [`age::plugin::Identity::default_for_plugin`](https://docs.rs/age/0.11.0/age/plugin/struct.Identity.html#method.default_for_plugin) - [`age::plugin::IdentityPluginV1::new`](https://docs.rs/age/0.11.0/age/plugin/struct.IdentityPluginV1.html#method.new) - [`age::plugin::Recipient::from_str`](https://docs.rs/age/0.11.0/age/plugin/struct.Recipient.html#impl-FromStr-for-Recipient) (or equivalently [`str::parse::<age::plugin::Recipient>()`](https://doc.rust-la...

Manufacturers Lose Azure Creds to HubSpot Phishing Attack

Cyberattackers used fake DocuSign links and HubSpot forms to try to solicit Azure cloud logins from hundreds of thousands of employees across Europe.

Pallet liquidation scams and how to recognize them

Pallet liquidation is an attractive playing field for online scammers. Will you receive goods or get your credit card details stolen?

Hackers Exploiting Linux eBPF to Spread Malware in Ongoing Campaign

KEY SUMMARY POINTS Cybersecurity researchers Dr. Web have uncovered a new and active Linux malware campaign aimed at…