CLSA-2026-1778266904 kernel: Fix of 188 CVEs

rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present - xfrm: esp: avoid in-place decrypt on shared skb frags - clk: Fix clkhwgetclk when dev is NULL CVE-2022-49187 - x86/sgx: Add overflow check in sgxvalidateoffsetlength CVE-2022-49785 - ext4: init quota for 'old.inode' in...

CVE-2024-13021

A vulnerability, which was classified as problematic, has been found in SourceCodester Road Accident Map Marker 1.0. Affected by this issue is some unknown functionality of the file /endpoint/add-mark.php. The manipulation of the argument markname/details leads to cross site scripting. The attack...

CVE-2024-13021

A vulnerability, which was classified as problematic, has been found in SourceCodester Road Accident Map Marker 1.0. Affected by this issue is some unknown functionality of the file /endpoint/add-mark.php. The manipulation of the argument markname/details leads to cross site scripting. The attack...

CVE-2024-13021

CVE-2024-13021 affects SourceCodester Road Accident Map Marker 1.0. The issue is a stored/reflective cross-site scripting vulnerability in the /endpoint/add-mark.php endpoint, triggered by manipulating the mark_name/details parameters. The public exploit is reported, and multiple sources corrobor...

SourceCodester Road Accident Map Marker 代码注入漏洞

SourceCodester Road Accident Map Marker is a SourceCodester open source road accident map marker project. A code injection vulnerability exists in SourceCodester Road Accident Map Marker version 1.0, which stems from a cross-site scripting attack due to incorrect manipulation of the markname...

A week in security (February 5 – February 11)

Last week on Malwarebytes Labs: Ivanti urges customers to patch yet another critical vulnerability Ransomware in 2023 recap: 5 key takeaways FBI and CISA publish guide to Living off the Land techniques Warning from LastPass as fake app found on Apple App Store 2 million job seekers targeted by da...

Facebook fatal accident scam still rages on

Recently I wrote about a malvertising campaign on Facebook that has been going on for almost a year. Apparently Facebook is struggling to stop this campaign, so now this type of campaign is showing up in other languages than English. I have seen two different types in German. First Facebook scam...

CVE-2023-6104

Rejected reason: The CVE Record was published by accident...

Elderly targeted in car accident scam, kingpin arrested

The head of a criminal network responsible for defrauding hundreds of elderly people has been arrested, Europol has announced. After a joint operation in Germany, Poland, and the UK, Europol says the suspect was arrested in London from where he ran a network of fraudsters targeting mainly German...

CVE-2023-31557

Rejected reason: REJECT DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-2664. Reason: This record is a reservation duplicate of CVE-2023-2664. Notes: All CVE users should reference CVE-2023-2664 instead of this record. All references and descriptions in this record have been removed to prevent...

Apple Accidentally Approved Malware to Run on MacOS

The ubiquitous Shlayer adware has picked up a new trick, slipping past Cupertino's “notarization” defenses for the first time...

SQL Injection Vulnerability in the Frontend of Nanjing Benan Work Safety Accident Hidden Trouble Detection and Management Information System V2.3

Nanjing Benan Instrumentation Systems Co., Ltd. is committed to the design and development of hardware and software products in the field of safety production. SQL injection vulnerability exists in the front-end of Nanjing Benan's Hidden Accident Investigation and Management Information System...

SQL Injection Vulnerability in the Front-end of Nanjing Benan's Hidden Trouble Investigation and Management Information System for Work Safety Accidents

Nanjing Benan Instrumentation Systems Co., Ltd. is committed to the design and development of hardware and software products in the field of safety production. SQL injection vulnerability exists in the front-end of Nanjing Benan's information system for investigating and managing hidden productio...

Threat Outbreak Alert: Fake Traffic Accident Photo Attachment Email Messages on March 17, 2014

Medium Alert ID: 33374 First Published: 2014 March 17 19:40 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain photos relating to a traffic accident for the recipient. The text in the email message attempts to convince the...

State highway police website hacked !

State highway police website hacked ! The state highway police's website was allegedly hacked by an unknown person, who changed the accident figures to show a steep decline in the number of deaths for the year 2010. The changed statistics show the number of fatalities went down by almost 9,000...

Unfixed XSS vulnerability at www.havkom.se

Security researcher DellNull, has submitted on 15/05/2009 a cross-site-scripting XSS vulnerability affecting www.havkom.se, which at the time of submission ranked 7162581 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 12/06/2009. It is current...