Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

Credential Stealing Flaw in Google Chrome Impacted 2.5 Billion Users

By Deeba Ahmed The vulnerability affected all Chromium-based browsers, including Opera and Edge. This is a post from HackRead.com Read the original post: Credential Stealing Flaw in Google Chrome Impacted 2.5 Billion Users

HackRead
Open in Source
#vulnerability#web#windows#google#backdoor#auth#zero_day#chrome
CVE-2023-0244: \App\Manage\Controller\KefuController.class.php has SQLinject · Issue #13 · yeyinshi/tuzicms

A vulnerability classified as critical was found in TuziCMS 2.0.6. This vulnerability affects the function delall of the file \App\Manage\Controller\KefuController.class.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218152.

CVE-2022-46503: bug_report/XSS-1.md at main · mkwsj007/bug_report

A cross-site scripting (XSS) vulnerability in the component /admin/register.php of Online Student Enrollment System v1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the name parameter.

Experts Detail Chromium Browser Security Flaw Putting Confidential Data at Risk

Details have emerged about a now-patched vulnerability in Google Chrome and Chromium-based browsers that, if successfully exploited, could have made it possible to siphon files containing confidential data. "The issue arose from the way the browser interacted with symlinks when processing files and directories," Imperva researcher Ron Masas said. "Specifically, the browser did not properly check

CVE-2023-21796: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** This vulnerability could lead to a browser sandbox escape.

CVE-2023-21775: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** This vulnerability could lead to a browser sandbox escape.

Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit

The first Patch Tuesday fixes shipped by Microsoft for 2023 have addressed a total of 98 security flaws, including one bug that the company said is being actively exploited in the wild. 11 of the 98 issues are rated Critical and 87 are rated Important in severity, with the vulnerabilities also listed as publicly known at the time of release. Separately, the Windows maker is expected to release

CVE-2023-22959: GitHub - chenan224/webchess_sqli_poc

WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.php, chess.php, and opponentspassword.php (txtFirstName, txtLastName).

5 must-haves for K-12 cybersecurity

Categories: Business Over the years, cyberattacks on K-12 schools and districts have steadily increased and in 2022 that trend only continued. In this post, we’ll look at the 5 must-haves for K-12 cybersecurity. (Read more...) The post 5 must-haves for K-12 cybersecurity appeared first on Malwarebytes Labs.

98 Patches: Microsoft Greets New Year With Zero-Day Security Fixes

Microsoft's January 2023 Patch Tuesday security update contains fixes for bugs in multiple products. Here's what you need to patch now.