Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2023-21795

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE
Open in Source
#vulnerability#microsoft#chrome
CVE-2022-40034: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') In /comment · Issue #4 · rawchen/blog-ssm

Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter.

CVE-2023-0447: Changeset 2844200 for youtube-channel – WordPress Plugin Repository

The My YouTube Channel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clear_all_cache function in versions up to, and including, 3.0.12.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to clear the plugin's cache.

Key takeaways from Malwarebytes 2023 State of Mobile Cybersecurity

Categories: Business We asked 250 schools and hospitals about their mobile security posture, including Chromebooks. Here’s what we found out. (Read more...) The post Key takeaways from Malwarebytes 2023 State of Mobile Cybersecurity appeared first on Malwarebytes Labs.

Samsung Galaxy Store App Found Vulnerable to Sneaky App Installs and Fraud

Two security flaws have been disclosed in Samsung's Galaxy Store app for Android that could be exploited by a local attacker to stealthily install arbitrary apps or direct prospective victims to fraudulent landing pages on the web. The issues, tracked as CVE-2023-21433 and CVE-2023-21434, were discovered by NCC Group and notified to the South Korean chaebol in November and December 2022. Samsung

4 ways to protect your privacy while scrolling

Categories: News Categories: Privacy Tags: Privacy Tags: browser Tags: VPN Tags: BrowserGuard For every level of privacy awareness, there are layers you can use to protect yourself. Here are four suggestions. (Read more...) The post 4 ways to protect your privacy while scrolling appeared first on Malwarebytes Labs.

CVE-2023-23314: File upload ssh authorized_keys causes RCE · Issue #90 · helloxz/zdir

An arbitrary file upload vulnerability in the /api/upload component of zdir v3.2.0 allows attackers to execute arbitrary code via a crafted .ssh file.

CVE-2022-46959: Back up files in any directory through directory traversal · Issue #56 · go-sonic/sonic

An issue in the component /admin/backups/work-dir of Sonic v1.0.4 allows attackers to execute a directory traversal.

A week in security (January 16—22)

Categories: News Tags: Google Tags: Rust Tags: Chromium Tags: Mailchimp Tags: SweepWizard Tags: bossware Tags: TikTok Tags: surveillance firm Tags: Voyager Labs Tags: TracketPacer Tags: Facebook Tags: Instagram Tags: Vice Society Tags: Liquor Control Board of Ontario Tags: Zoho ManageEngine Tags: GitHub Tags: LastPass Tags: Git flaw Tags: ransomware Tags: credit card fraud The most interesting security related news from the week of January 16-22. (Read more...) The post A week in security (January 16—22) appeared first on Malwarebytes Labs.