Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2023-28821: Releases · concretecms/concretecms

Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets.

CVE
Open in Source
#sql#xss#csrf#vulnerability#web#windows#microsoft#redis#js#git#java#php#rce#perl#pdf#oauth#auth#chrome
ViperSoftX InfoStealer Adopts Sophisticated Techniques to Avoid Detection

A significant number of victims in the consumer and enterprise sectors located across Australia, Japan, the U.S., and India have been affected by an evasive information-stealing malware called ViperSoftX. ViperSoftX was first documented in 2020, with cybersecurity company Avast detailing a campaign in November 2022 that leveraged the malware to distribute a malicious Google Chrome extension

CVE-2023-29334: Microsoft Edge (Chromium-based) Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

CVE-2023-28261

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2023-28286

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Google Gets Court Order to Take Down CryptBot That Infected Over 670,000 Computers

Google on Wednesday said it obtained a temporary court order in the U.S. to disrupt the distribution of a Windows-based information-stealing malware called CryptBot and "decelerate" its growth. The tech giant's Mike Trinh and Pierre-Marc Bureau said the efforts are part of steps it takes to "not only hold criminal operators of malware accountable, but also those who profit from its distribution.

ChurchCRM 4.5.3 SQL Injection

ChurchCRM versions 4.5.3 and below suffer from a remote SQL injection vulnerability.

Paperbug Attack: New Politically-Motivated Surveillance Campaign in Tajikistan

A little-known Russian-speaking cyber-espionage group has been linked to a new politically-motivated surveillance campaign targeting high-ranking government officials, telecom services, and public service infrastructures in Tajikistan. The intrusion set, dubbed Paperbug by Swiss cybersecurity company PRODAFT, has been attributed to a threat actor known as Nomadic Octopus (aka DustSquad). "The

CVE-2023-2294: UCMS1.6/README.md at main · yztale/UCMS1.6

A vulnerability was found in UCMS 1.6.0. It has been classified as problematic. This affects an unknown part of the file saddpost.php of the component Column Configuration. The manipulation of the argument strorder leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227481 was assigned to this vulnerability.

CVE-2023-30417: pear-admin-boot存在存储式跨站脚本漏洞 · Issue #I6SXHX · Pear Admin/Pear Admin Boot - Gitee.com

A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message.