Security
Headlines
HeadlinesLatestCVEs

Tag

#web

CVE-2023-37538: Knowledge Article View HCL - Customer Support

HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).

CVE
Open in Source
#xss#web#git
Over 17,000 WordPress Sites Compromised by Balada Injector in September 2023

More than 17,000 WordPress websites have been compromised in the month of September 2023 with malware known as Balada Injector, nearly twice the number of detections in August. Of these, 9,000 of the websites are said to have been infiltrated using a recently disclosed security flaw in the tagDiv Composer plugin (CVE-2023-3169, CVSS score: 6.1) that could be exploited by unauthenticated users to

CVE-2023-44689

e-Gov Client Application (Windows version) versions prior to 2.1.1.0 and e-Gov Client Application (macOS version) versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme. A crafted URL may direct the product to access an arbitrary website. As a result, the user may become a victim of a phishing attack.

DISA STIG for Red Hat Enterprise Linux 9 is now available

According to IDC, Linux operating system (OS) environments are expected to grow from 78% in 2021 to 82% in 2026 across physical, virtual, and cloud deployments. Fundamental to that growth is continued assurance that Linux OSs can provide organizations with more powerful and secure foundations upon which to build and run workloads in just about any environment. For decades, Red Hat Enterprise Linux (RHEL) has been the world’s leading enterprise Linux platform, partly because it delivers on those promises of power and a stronger security footprint. The latest version, RHEL 9.2, continues th

Patch Tuesday, October 2023 Edition

Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released emergency updates to quash a pair of zero-day bugs in iOS.

Google Makes Passkeys Default for All Users

By Waqas Goodbye Passwords, or Not Yet? This is a post from HackRead.com Read the original post: Google Makes Passkeys Default for All Users

Badbox Operation Targets Android Devices in Fraud Schemes

Researchers believe that more than 70,000 Android devices may have been affected with preloaded Peachpit malware that was installed on the electronics before being sold at market.

One-Click 'Gnome' Exploit Is a Supply Chain Risk for Linux OSes

An overlooked library contains a vulnerability that could enable full remote takeover simply by clicking a link.

Hackers on WordPress Websites Hacking Spree with Balada Malware

By Deeba Ahmed If you use WordPress, update to the latest version. This is a post from HackRead.com Read the original post: Hackers on WordPress Websites Hacking Spree with Balada Malware

Internet-Wide Zero-Day Bug Fuels Largest-Ever DDoS Event

Ongoing Rapid Reset DDoS flood attacks exposed organizations need to patch CVE-2023-44487 immediately to head off crippling outages and business disruption.