Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2023-26078: Vulnerability-Disclosures/2023/MNDT-2023-0009.md at master · mandiant/Vulnerability-Disclosures

Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs.

CVE
Open in Source
#vulnerability#windows#git
mooDating 1.2 Cross Site Scripting

mooDating version 1.2 suffers from a cross site scripting vulnerability.

CMSctweb Creative 1.0 Cross Site Scripting

CMSctweb Creative version 1.0 suffers from a cross site scripting vulnerability.

CMS Ultimate Solutions DreamSus 1.4 Cross Site Scripting

CMS Ultimate Solutions DreamSus version 1.4 suffers from a cross site scripting vulnerability.

WordPress Page Builder KingComposer 2.9.6 Open Redirection

WordPress Page Builder KingComposer plugin version 2.9.6 suffers from an open redirection vulnerability.

WordPress Image Optimization 3.8.2 Open Redirection

WordPress Image Optimization plugin version 3.8.2 suffers from an open redirection vulnerability.

Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks

Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078, with the issues remediated in versions 1.8.3.7 and 1.8.4.9 released by Atera on April 17, 2023, and

Banking Sector Targeted in Open-Source Software Supply Chain Attacks

Cybersecurity researchers said they have discovered what they say is the first open-source software supply chain attacks specifically targeting the banking sector. "These attacks showcased advanced techniques, including targeting specific components in web assets of the victim bank by attaching malicious functionalities to it," Checkmarx said in a report published last week. "The attackers