Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

CVE-2022-1912: settings.php in smartsoftbutton-widget-de-botones-de-chat/trunk/admin/pages – WordPress Plugin Repository

The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation on the smartsoftbutton_settings page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE
Open in Source
#web#ios#mac#js#java#wordpress#php#bios#auth#sap
New Study Finds Most Enterprise Vendors Failing to Mitigate Speculative Execution Attacks

With speculative execution attacks remaining a stubbornly persistent vulnerability ailing modern processors, new research has highlighted an "industry failure" to adopting mitigations released by AMD and Intel, posing a firmware supply chain threat. Dubbed FirmwareBleed by Binarly, the information leaking assaults stem from the continued exposure of microarchitectural attack surfaces on the part

Pegasus Spyware Used to Hack Devices of Pro-Democracy Activists in Thailand

Thai activists involved in the country's pro-democracy protests have had their smartphones infected with the infamous Pegasus government-sponsored spyware. At least 30 individuals, spanning activists, academics, lawyers, and NGO workers, are believed to have been infected between October 2020 and November 2021, many of whom have been previously detained, arrested and imprisoned for their

CVE-2022-31202: Multiple vulnerabilities in SoftGuard SNMP Network Management Extension

The export function in SoftGuard Web (SGW) before 5.1.5 allows directory traversal to read an arbitrary local file via export or man.tcl.

Google Removes "App Permissions" List from Play Store for New "Data Safety" Section

Following the launch of a new "Data safety" section for the Android app on the Play Store, Google appears to be readying to remove the app permissions list from both the mobile app and the web. The change was highlighted by Esper's Mishaal Rahman earlier this week. The Data safety section, which Google began rolling out in late April 2022, is the company's answer to Apple's Privacy Nutrition

Ex-CIA Programmer Found Guilty of Stealing Vault 7 Data, Giving It to Wikileaks

Joshua Schulte has been convicted for his role in the Vault 7 Wikileaks data dump that exposed invasive US cyber intelligence tactics.

Bishop Fox Secures $75 Million in Growth Funding From Carrick Capital Partners

Offensive security leader continues to defy market and economic trends with record growth and recognized innovation.

CVE-2022-28876: Security advisories | F-Secure

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aeheur.dll component can crash the scanning engine. The exploit can be triggered remotely by an attacker.

Former CIA Engineer Convicted of Leaking 'Vault 7' Hacking Secrets to Wikileaks

Joshua Schulte, a former programmer with the U.S. Central Intelligence Agency (CIA), has been found guilty of leaking a trove of classified hacking tools and exploits dubbed Vault 7 to WikiLeaks. The 33-year-old engineer had been charged in June 2018 with unauthorized disclosure of classified information and theft of classified material. Schulte also faces a separate trial on charges related to

CVE-2022-30113: 虚拟商品自动发货系统/付费阅读系统 - 发货100

Electronic mall system 1.0_build20200203 is affected vulnerable to SQL Injection.