42 matches found
CVE-2020-29364
In NetArt News Lister 1.0.0, the news headlines are vulnerable to stored XSS attacks. Attackers can inject code into news titles...
CVE-2025-46656
python-markdownify aka markdownify before 0.14.1 allows large headline prefixes such as in addition to through . This causes memory consumption...
PT-2025-17965 · Unknown · Python-Markdownify
Name of the Vulnerable Software and Affected Versions: python-markdownify aka markdownify versions prior to 0.14.1 Description: The issue allows large headline prefixes, such as , in addition to the standard through tags. This can cause excessive memory consumption. Recommendations: For versions...
The massive computer outage over the weekend was not a cyber attack, and I’m not sure why we have to keep saying that
You're not going to believe this, but there was a lot of misinformation on social media over the weekend after the massive CrowdStrike/Microsoft outage. As airlines cancelled flights, hospitals had to reschedule patients and some companies just flat-out couldn't work on Friday, people were quick to...
WordPress 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 Plugin <= 4.2.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software: 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条; Type: Plugin; Vulnerable versions: <= 4.2.7; Fixed in: 4.2.8; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-26531; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID...
Cross-site Scripting (XSS)
dompurify is vulnerable to cross-site scripting (XSS) attacks. The library does not properly escape special characters before outputting them to the front end, allowing an attacker to inject and execute malicious JavaScript via nested headlines...
GHSA-H6P3-P4VX-WR8Q dompurify vulnerable to Cross-site Scripting
dompurify prior to version 2.2.3 is vulnerable to a cross-site scripting problem caused by nested headlines...
PT-2023-33023 · Dompurify · Dompurify
Name of the Vulnerable Software and Affected Versions: dompurify versions prior to 2.2.3 Description: The issue is caused by nested headlines, leading to a cross-site scripting problem. Recommendations: For versions prior to 2.2.3, update to version 2.2.3 or later to resolve the issue...
adam-boissons.fr Cross Site Scripting vulnerability OBB-2836722
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Beating security fatigue with Troy Hunt, Chloé Messdaghi, and Tanya Janca: Lock and Code S02E06
This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we speak to Point3 Security chief strategist Chloé Messdaghi, HaveIBeenPwned founder Troy Hunt, and We Hack Purple founder and CEO Tanya Janca about security fatigue. Security fatigue is...
Talking Emotet’s takedown with Adam Kujawa: Lock and Code S02E02
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Adam Kujawa, security evangelist and director of Malwarebytes Labs, about Emotet, the former public enemy No. 1 in the cybercrime world. What began in 20...
News Lister Cross-Site Scripting Vulnerability
News Lister is a free php script for adding a news section to an existing website or creating a simple news site or personal blog. A stored cross-site scripting vulnerability exists in News Lister 1.0.0. An attacker can exploit the vulnerability to insert code into news headlines...
Lock and Code S1Ep20: Tracking the charities that track you online with Chris Boyd
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Chris Boyd, lead malware intelligence analyst for Malwarebytes, about charity organizations and online ad tracking. Though many might assume that these t...
Lock and Code S1Ep18: Finding consumer value in Cybersecurity Awareness Month with Jamie Court
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Jamie Court, president of the non-profit advocacy group Consumer Watchdog, about the consumer value in Cybersecurity Awareness Month. Launched initially ...
Can Edge Computing Exist Without the Edge? Part 1: The Edge
If the title sounds like a trick question, it really depends on who you ask. Semantically, it seems clear that if you take the "edge" and combine it with "computing" you get edge computing. But if you have been reading headlines, you would be justified in having doubts that the answer is that...
Lock and Code S1Ep16: Investigating digital vulnerabilities with Samy Kamkar
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Samy Kamkar, chief security officer and co-founder of Open Path, about the digital vulnerabilities in our physical world. If you look through a recent...
Lock and Code S1Ep12: Pinpointing identity and access management’s future with Chuck Brooks
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Chuck Brooks, cybersecurity evangelist and adjunct professor for Georgetown University’s Applied Intelligence Program and graduate Cybersecurity Programs...