Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-6124: Server-Side Request Forgery (SSRF) in suitecrm

Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14.

CVE
Open in Source
#git#rce#ssrf
CVE-2023-48020: dreamer_cms/Enable CSRF for Task Management Office.md at main · moonsabc123/dreamer_cms

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus.

Credit card skimming on the rise for the holiday shopping season

We've seen a particular card skimming campaign really pick up pace lately. With hundreds of stores compromised, you may come across it if you shop online this holiday season.

The Importance of Continuous Security Monitoring for a Robust Cybersecurity Strategy

In 2023, the global average cost of a data breach reached $4.45 million. Beyond the immediate financial loss, there are long-term consequences like diminished customer trust, weakened brand value, and derailed business operations. In a world where the frequency and cost of data breaches are skyrocketing, organizations are coming face-to-face with a harsh reality: traditional cybersecurity

CI/CD Risks: Protecting Your Software Development Pipelines

Have you heard about Dependabot? If not, just ask any developer around you, and they'll likely rave about how it has revolutionized the tedious task of checking and updating outdated dependencies in software projects.  Dependabot not only takes care of the checks for you, but also provides suggestions for modifications that can be approved with just a single click. Although Dependabot is limited

CVE-2023-46099

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). There is a stored cross-site scripting vulnerability in the Administration Console of the affected product, that could allow an attacker with high privileges to inject Javascript code into the application that is later executed by another legitimate user.

The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story

Netflix, Spotify, Twitter, PayPal, Slack. All down for millions of people. How a group of teen friends plunged into an underworld of cybercrime and broke the internet—then went to work for the FBI.

CVE-2023-28379: TALOS-2023-1738 || Cisco Talos Intelligence Group

A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.

CVE-2023-31247: TALOS-2023-1746 || Cisco Talos Intelligence Group

A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.

CVE-2023-27882: TALOS-2023-1733 || Cisco Talos Intelligence Group

A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.