Security Headlines: Latest CVEs

Tag: #git

CVE-2023-5844: [Improvement]: Check if new password is NOT the same as the old one w… · pimcore/admin-ui-classic-bundle@498ac77

Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0.

Tags: CVE, #git, #php, #auth
EleKtra-Leak Cryptojacking Attacks Exploit AWS IAM Credentials Exposed on GitHub

A new ongoing campaign dubbed EleKtra-Leak has set its eyes on exposed Amazon Web Service (AWS) identity and access management (IAM) credentials within public GitHub repositories to facilitate cryptojacking activities. "As a result of this, the threat actor associated with the campaign was able to create multiple AWS Elastic Compute (EC2) instances that they used for wide-ranging and

CISO Skills in a Changing Security Market: Are You Prepared?

The CISO role has evolved from a strictly technical position to one that increasingly requires business acumen. Here are some things you need to know.

Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Malware

A new cyber attack campaign has been observed using spurious MSIX Windows app package files for popular software such as Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex to distribute a novel malware loader dubbed GHOSTPULSE. "MSIX is a Windows app package format that developers can leverage to package, distribute, and install their applications to Windows users," Elastic

CVE-2023-44141: Inkdrop - Note-taking App with Robust Markdown Editor

Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file.

GHSA-35c7-w35f-xwgh: Kube-proxy may unintentionally forward traffic

Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (`spec.ports[*].port`) as a LoadBalancer Service when the LoadBalancer controller does not set the `status.loadBalancer.ingress[].ip` field. Clusters where the LoadBalancer controller sets the `status.loadBalancer.ingress[].ip` field are unaffected.

GHSA-9pjf-jw9q-fx49: Cross-site Scripting (XSS) in dolibarr/dolibarr

Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.

CVE-2023-46865: Add extension whitelist to company logo file name by asylumdx · Pull Request #1271 · crater-invoice/crater

/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.

CVE-2023-5842

Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.

CVE-2023-46864: Path Traversal - Arbitrary File Download · Issue #171 · Peppermint-Lab/peppermint

Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request.