Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

EMH CMS 0.1 Cross Site Scripting

EMH CMS version 0.1 suffers from a cross site scripting vulnerability.

Packet Storm
Open in Source
#sql#xss#csrf#vulnerability#web#ios#mac#windows#apple#google#ubuntu#linux#debian#cisco#java#php#perl#auth#ruby#firefox
CVE-2023-2737: Knowledge Article View - Thales Customer Support

Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation.

CVE-2023-39115: Campcodes Online Matrimonial Website System 3.3 Cross Site Scripting ≈ Packet Storm

install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document.

Experts Uncover Weaknesses in PowerShell Gallery Enabling Supply Chain Attacks

Active flaws in the PowerShell Gallery could be weaponized by threat actors to pull off supply chain attacks against the registry's users. "These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a package," Aqua security researchers Mor Weinberger, Yakir Kadkoda, and Ilay Goldman said in a report shared

RHSA-2023:4628: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.57 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24963: A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer. * CVE-2022-28331: A flaw was found in Apache Portable Runtime, affecting versions <= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affect...

CVE-2023-38840: Erase Master Password in memory after login · Issue #476 · bitwarden/desktop

Bitwarden Windows Desktop v2023.5.1 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process.

CVE-2023-38860: RCE vulnerability in CPAL (causal program-aided language) chain · Issue #7641 · langchain-ai/langchain

An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter.

Blood Donor Management System 1.0 Cross Site Scripting

Blood Donor Management System version 1.0 suffers from a persistent cross site scripting vulnerability.