WordPress plugin Backend Localization 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2023-9950 · Unknown · Kau-Boy Backend Localization Plugin

Name of the Vulnerable Software and Affected Versions: Kau-Boy Backend Localization Plugin versions up to 1.6.1 Description: The issue affects the processing of the file backend localization.php, leading to cross-site scripting. The attack can be initiated remotely. Recommendations: For versions ...

PT-2023-9951 · WordPress · Kau-Boy Backend Localization Plugin

Name of the Vulnerable Software and Affected Versions: Kau-Boy Backend Localization Plugin version 2.0 Description: A problematic vulnerability has been found in the Kau-Boy Backend Localization Plugin on WordPress, affecting the function backend localization admin settings/backend localization...

WordPress plugin Backend Localization 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

OPENSUSE-SU-2023:0090-1 Security update for nextcloud-desktop

This update for nextcloud-desktop fixes the following issues: nextcloud-desktop was updated to 3.8.0: - Resize WebView widget once the loginpage rendered - Feature/secure file drop - Check German translation for wrong wording - L10n: Correct word - Fix displaying of file details button for local...

Malicious code in @miro-site/localization (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 50ed9a83072029828451c3aa68fec9a49ec55530b597b59576b0a8c497776385 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview taxi-localization is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

SUSE CVE-2022-28282

By using a link with rel="localization" a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and...

MAL-2023-830 Malicious code in taxi-localization (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 097d1cf9ae16e020a782ddabda9f4556107a34ffa87be84afde01f013fe2e52a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in taxi-localization (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 097d1cf9ae16e020a782ddabda9f4556107a34ffa87be84afde01f013fe2e52a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

November 8, 2022—KB5019980 (OS Build 22621.819)

November 8, 2022—KB5019980 OS Build 22621.819 NEW 11/8/22 IMPORTANT Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a non-security preview release for the month of December 2022. There will be a monthly security release known as a “B” release fo...

DEBIAN-CVE-2022-28282

By using a link with rel="localization" a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and...

Code injection

By using a link with rel="localization" a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and...

CVE-2022-28282

Summary: CVE-2022-28282 is a use-after-free in the L10n/TranslateDocument path triggered when destroying an object during JavaScript execution and then referencing it via a freed pointer, with exploits tied to Firefox/Thunderbird. Affected versions: Thunderbird < 91.8, Firefox < 99, and Fir...

CVE-2022-28282

By using a link with rel="localization" a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and...

Malicious code in eg-auth-ui-localization (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 437e53aa9aa9cbd8bae160de3b5b28fa886c8552f617e61fbe93c938c4e2029c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-2678 Malicious code in eg-auth-ui-localization (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 437e53aa9aa9cbd8bae160de3b5b28fa886c8552f617e61fbe93c938c4e2029c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Privacy predictions 2023

Our last edition of privacy predictions focused on a few important trends where business and government interests intersect, with regulators becoming more active in a wide array of privacy issues. Indeed, we saw regulatory activity around the globe. In the US, for example, the FTC has requested...

Policy trends: where are we today on regulation in cyberspace?

This is the first edition of our policy analysis and observations of trends in the regulation of cyberspace, and cybersecurity, within the Kaspersky Security Bulletin. This year so far has been very challenging: increased tensions in international relations have had a huge impact on both cyberspa...

Indian Government Publishes Draft of Digital Personal Data Protection Bill 2022

The Indian government on Friday released a draft version of the much-awaited data protection regulation, making it the fourth such effort since it was first proposed in July 2018. The Digital Personal Data Protection Bill, 2022, as it's called, aims to secure personal data, while also seeking...