Security
Headlines
HeadlinesLatestCVEs

Tag

#web

CVE-2023-30477: WordPress AFFILIATE Solution plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Essitco AFFILIATE Solution plugin <= 1.0 versions.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth
CVE-2023-30475: WordPress Coupon Affiliates plugin <= 5.4.5 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot Sowersby, RelyWP WooCommerce Affiliate Plugin – Coupon Affiliates plugin <= 5.4.5 versions.

A Huge Scam Targeting Kids With Roblox and Fortnite 'Offers' Has Been Hiding in Plain Sight

The wide-ranging scams, often disguised as game promotions, can all be linked back to one network.

Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability

E-commerce sites using Adobe's Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023. The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw (CVE-2022-24086, CVSS score: 9.8) in Adobe Commerce and Magento Open Source that, if successfully exploited, could lead to arbitrary code execution. "The attacker seems to be

The rise of AI-powered criminals: Identifying threats and opportunities

A major area of impact of AI tools in cybercrime is the reduced need for human involvement in certain aspects of cybercriminal organizations.

Data center flaws spurred disruptions, espionage and malware attacks

By Waqas Trellix's researchers uncovered a series of vulnerabilities in two prominent data center equipment vendors: CyberPower and Dataprobe. This is a post from HackRead.com Read the original post: Data center flaws spurred disruptions, espionage and malware attacks

South African Power Supplier Hit by DroxiDat Malware

By Deeba Ahmed Cybersecurity researchers at Securelist have discovered a cyberattack against a power-generating firm in South Africa. Reportedly, the firm… This is a post from HackRead.com Read the original post: South African Power Supplier Hit by DroxiDat Malware

India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users' Privacy First

The Indian President Droupadi Murmu on Friday granted assent to the Digital Personal Data Protection Bill (DPDPB) after it was unanimously passed by both houses of the parliament last week, marking a significant step towards securing people's information. "The Bill provides for the processing of digital personal data in a manner that recognizes both the rights of the individuals to protect their

CVE-2023-3262: The Threat Lurking in Data Centers – Hack Power Management Systems, Take All the Power

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.

GHSA-xvv9-5j67-3rpq: zola Path Traversal vulnerability

An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The `handle_request` function, used by the server to process HTTP requests, does not account for sequences of special path control characters (`../`) in the URL when serving a file, which allows one to escape the webroot of the server and read arbitrary files from the filesystem.