Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2023-2523: cve/Weaver.md at main · RCEraser/cve

A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228014 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE
Open in Source
#vulnerability#web#mac#apple#intel#php#rce#chrome#webkit
CVE-2023-30184: Typecho <= 1.2.0 Comments URL with Stored-XSS Vulnerability · Issue #1546 · typecho/typecho

A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter at /index.php/archives/1/comment.

How small businesses can secure employees' mobile devices

Categories: Business Categories: News Tags: Small Business Week Tags: mobile security policy Tags: A third of organizations aren't protecting their mobile devices at all. Don't be one of them. (Read more...) The post How small businesses can secure employees' mobile devices appeared first on Malwarebytes Labs.

Meta Takes Down Malware Campaign That Used ChatGPT as a Lure to Steal Accounts

Meta said it took steps to take down more than 1,000 malicious URLs from being shared across its services that were found to leverage OpenAI's ChatGPT as a lure to propagate about 10 malware families since March 2023. The development comes against the backdrop of fake ChatGPT web browser extensions being increasingly used to steal users' Facebook account credentials with an aim to run

PHPJabbers Simple CMS 5.0 SQL Injection

PHPJabbers Simple CMS version 5.0 suffers from a remote SQL injection vulnerability.

Gentoo Linux Security Advisory 202305-10

Gentoo Linux Security Advisory 202305-10 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 109.0.5414.74-r1>= are affected.

PHPFusion 9.10.30 Cross Site Scripting

PHPFusion version 9.10.30 suffers from a persistent cross site scripting vulnerability.

Google Introduces Passwordless Secure Sign-In with Passkeys for Google Accounts

Almost five months after Google added support for passkeys to its Chrome browser, the tech giant has begun rolling out the passwordless solution across Google Accounts on all platforms. Passkeys, backed by the FIDO Alliance, are a more secure way to sign in to apps and websites without having to use a traditional password. This, in turn, can be achieved by simply unlocking their computer or