Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-42222: GitHub - itssixtyn3in/CVE-2023-42222

WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.

CVE
Open in Source
#vulnerability#web#mac#git#samba
CVE-2023-5244: huntr – Security Bounties for any GitHub repository

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.

Malicious ad served inside Bing's AI chatbot

Categories: Threat Intelligence Tags: bing chat Tags: AI Tags: malvertising Tags: ads Users looking for software downloads may be tricked into visiting malicious websites via their interaction with Bing Chat. (Read more...) The post Malicious ad served inside Bing's AI chatbot appeared first on Malwarebytes Labs.

Snapchat Safety for Parents: How to Safeguard Your Child

By Owais Sultan Snapchat is a platform that may not be suitable for everyone, especially if the user is an underage child. So, what can you do? This is a post from HackRead.com Read the original post: Snapchat Safety for Parents: How to Safeguard Your Child

CVE-2023-43314: ZYXEL-PMG2005-T20B has a denial of service vulnerability · Issue #1 · Rumble00/Rumble

Buffer Overflow vulnerability in ZYXEL ZYXEL v.PMG2005-T20B allows a remote attacker to cause a denial of service via a crafted script to the uid parameter in the cgi-bin/login.asp component.

CVE-2023-43191: cmscve_test/README.md at main · etn0tw/cmscve_test

JFinalCMS foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker, such as cookie theft

CVE-2023-43233: mycve/YZNCMS 1.3.0 XSS.pdf at main · yux1azhengye/mycve

A stored cross-site scripting (XSS) vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter.

CVE-2023-44080: CVE-2023-44080.md

An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attacker to execute arbitrary code via a crafted request to the branchList component.

CVE-2023-43192: cve_sql/jfinalcms_sql.md at main · etn0tw/cve_sql

SQL injection can exist in a newly created part of the JFinalcms background, and the parameters submitted by users are not filtered. As a result, special characters in parameters destroy the original logic of SQL statements. Attackers can use this vulnerability to execute any SQL statement.

GHSA-7vpr-3ppw-qrpj: Imageflow affected by libwebp zero-day and should not be used with malicious source images.

### Impact This vulnerability affects deployments of Imageflow that involve decoding or processing malicious source .webp files. If you only process your own trusted files, this should not affect you (but you should update anyway). Imageflow relies on Google's [libwebp] library to decode .webp images, and is affected by the recent zero-day out-of-bounds write vulnerability [CVE-2023-4863](https://nvd.nist.gov/vuln/detail/CVE-2023-4863) and https://github.com/advisories/GHSA-j7hp-h8jx-5ppr. The libwebp vulnerability also affects Chrome, Android, macOS, and other consumers of the library). libwebp patched [the vulnerability](https://github.com/webmproject/libwebp/commit/2af26267cdfcb63a88e5c74a85927a12d6ca1d76 ) and released [1.3.2](https://github.com/webmproject/libwebp/releases/tag/v1.3.2) This was patched in [libwebp-sys in 0.9.3 and 0.9.4](https://github.com/NoXF/libwebp-sys/commits/master) **[Imageflow v2.0.0-preview8](https://github.com/imazen/imageflow/releases/tag/v2.0.0-p...