Security
Headlines
HeadlinesLatestCVEs

Tag

#web

CVE-2023-41691: WordPress WooCommerce PensoPay plugin <= 6.3.1 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pensopay WooCommerce PensoPay plugin <= 6.3.1 versions.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth
CVE-2023-41666: WordPress Stock Quotes List plugin <= 2.9.9 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Stockdio Stock Quotes List plugin <= 2.9.9 versions.

CVE-2023-39308: WordPress UserFeedback Lite plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <= 1.0.7 versions.

CVE-2023-5258: SQL injection vulnerability exists in RapidCMS Dev.1.3.1 · Issue #4 · yhy217/rapidcms-vul

A vulnerability classified as critical has been found in OpenRapid RapidCMS 1.3.1. This affects an unknown part of the file /resource/addgood.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240867.

Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm

The North Korea-linked Lazarus Group has been linked to a cyber espionage attack targeting an unnamed aerospace company in Spain in which employees of the firm were approached by the threat actor posing as a recruiter for Meta. "Employees of the targeted company were contacted by a fake recruiter via LinkedIn and tricked into opening a malicious executable file presenting itself as a coding

Post-Quantum Cryptography: Finally Real in Consumer Apps?

Most people are barely thinking about basic cybersecurity, let alone post-quantum cryptography. But the impact of a post-quantum world is coming for them regardless of whether or not it's keeping them up tonight.  Today, many rely on encryption in their daily lives to protect their fundamental digital privacy and security, whether for messaging friends and family, storing files and photos, or

Update Chrome now! Google patches another actively exploited vulnerability

Categories: Exploits and vulnerabilities Categories: News Google has updated its Chrome Stable Channel to fix, among other things, an actively exploited vulnerability (Read more...) The post Update Chrome now! Google patches another actively exploited vulnerability appeared first on Malwarebytes Labs.

Microsoft's AI-Powered Bing Chat Ads May Lead Users to Malware-Distributing Sites

Malicious ads served inside Microsoft Bing's artificial intelligence (AI) chatbot are being used to distribute malware when searching for popular tools. The findings come from Malwarebytes, which revealed that unsuspecting users can be tricked into visiting booby-trapped sites and installing malware directly from Bing Chat conversations. Introduced by Microsoft in February 2023, Bing Chat is an

CVE-2023-44469: Real-life OIDC Security (IV): Server-Side-Request-Forgery

A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770.

Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server

Progress Software has released hotfixes for a critical security vulnerability, alongside seven other flaws, in the WS_FTP Server Ad hoc Transfer Module and in the WS_FTP Server manager interface. Tracked as CVE-2023-40044, the flaw has a CVSS score of 10.0, indicating maximum severity. All versions of the software are impacted by the flaw. "In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a