Tag
Code Injection in GitHub repository publify/publify prior to 9.2.8.
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application.
Allowing long password leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.
HighCMS/HighPortal version 12.x appears to suffer from a remote SQL injection vulnerability.
By Waqas When you think of phishing or any form of internet crime, many believe this is something completely remote… This is a post from HackRead.com Read the original post: Secure Email Gateway Vs. Integrated Cloud Email Security (SEG Vs. ICES) – What’s the difference, and which should my business use?
Threat actors have launched a new campaign that starts with compromised WordPress sites and leads to fake reCAPTCHA sites designed to get visitors to accept web push notifications. The post Fake reCAPTCHA forms dupe users via compromised WordPress sites appeared first on Malwarebytes Labs.
Calibre-Web before 0.6.18 allows user table SQL Injection.
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.
Plus: New details of ICE’s dragnet surveillance in the US, Clearview AI agrees to limit sales of its faceprint database, and more.
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 6 and May 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,... [[ This is only the beginning! Please visit the blog for the complete entry ]]