Google strengthens its Workplace suite protection

Google has announced the strengthening of safeguard measures for its Workspace customers. You may well be using Workspace without realising it. If youre using a Google product such as Gmail, Calendar, Drive, or Google Docs Editors Suite among other apps, then congratulations: you are fully inside...

Malicious code in dexalot-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 49e7d1e48c40c5dcc937fed7e2bf1fd9437a3886652c7fa4c6d14181cd5aca86 The OpenSSF Package Analysis project identified 'dexalot-docs' @ 3000.0.0 npm as malicious. It is considered malicious because: - The package...

Malicious code in docs-public-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx ef1db73ad9c5c4da2dd3bded796ac7c4f660ab81ff6fd5cd77f0452265d05d6f Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

MAL-2023-8026 Malicious code in docs-public-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx ef1db73ad9c5c4da2dd3bded796ac7c4f660ab81ff6fd5cd77f0452265d05d6f Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

CVE-2023-32106

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Fahad Mahmood WP Docs plugin = 1.9.9 versions...

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Fahad Mahmood WP Docs plugin = 1.9.9 versions...

CVE-2023-32106 WordPress WP Docs Plugin <= 1.9.9 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Fahad Mahmood WP Docs plugin = 1.9.9 versions...

WordPress plugin WP Docs 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

Failed transfer with low level call could be overlooked

Lines of code Vulnerability details Impact In LendingLedger.sol and votingEscrow.sol, low level call made using the call, According to the Solidity docs, "The low-level functions call, delegatecall and staticcall return true as their first return value if the account called is non-existent, as pa...

RHEL 8 : postgresql:13 (RHSA-2023:4527)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4527 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: schemaelement defeats protective...

Malicious code in react-toolbox-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 422a604d191acbb8c624bc1ef790995e034a891c2bb65d4fdf729675ed8d4ae6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-1018 Malicious code in react-toolbox-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 422a604d191acbb8c624bc1ef790995e034a891c2bb65d4fdf729675ed8d4ae6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in akita-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 114fb2289d01453676125580487fd32c170d5de19b49b286ae7b1ce9943135ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-86 Malicious code in akita-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 114fb2289d01453676125580487fd32c170d5de19b49b286ae7b1ce9943135ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Phishers Exploiting Google Docs to Harvest Crypto Credentials

By Deeba Ahmed The phishing campaign has been dubbed BEC 3.0 by researchers. This is a post from HackRead.com Read the original post: Phishers Exploiting Google Docs to Harvest Crypto Credentials...

WordPress Embed Docs - Elementor Files Addon,Elementor Docs Addon,Embed PDF, Word, PowerPoint and Excel Files in Gutenberg & Elementor Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Embed Docs - Elementor Files Addon,Elementor Docs Addon,Embed PDF, Word, PowerPoint and Excel Files in Gutenberg & Elementor Type Plugin Vulnerable versions = 2.0.3 Fixed in 3.0.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CV...

Failed transfer with low level call could be overlooked

Lines of code Vulnerability details Impact Transfers may fail silently. Proof of Concept According to the Solidity docs: "The low-level functions call, delegatecall and staticcall return true as their first return value if the account called is non-existent, as part of the design of the EVM...

New Attack Drops LokiBot Malware Via Malicious Macros in Word Docs

By Waqas LokiBot, a notorious Trojan active since 2015, specializes in stealing sensitive information from Windows machines, posing a significant threat to user data. This is a post from HackRead.com Read the original post: New Attack Drops LokiBot Malware Via Malicious Macros in Word Docs...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to systemd denial of service and information disclosure vulnerabilities( CVE-2022-3821, CVE-2022-4415)

Summary Potential systemd denial of service and information disclosure vulnerabilities CVE-2022-3821, CVE-2022-4415 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-3821...

Malicious code in docs-component-title (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1e4e933240e0533957a39c9132a6925469e069081320949dc198545fd1080a49 The OpenSSF Package Analysis project identified 'docs-component-title' @ 1.2.2 npm as malicious. It is considered malicious because: - The packa...