PT-2024-20997 · Weave · Weave Desktop

Name of the Vulnerable Software and Affected Versions: Weave Weave Desktop version 7.78.10 Description: An issue in Weave Weave Desktop allows a local attacker to execute arbitrary code via a crafted script to the nwjs framework component. Recommendations: For Weave Weave Desktop version 7.78.10,...

Weave Desktop 安全漏洞

Weave Desktop is a development tool for creating and managing microservices from Weave. A security vulnerability exists in Weave Desktop version v.7.78.10, which originates from a vulnerability that allows a local attacker to execute arbitrary code via the nwjs framework component...

Microsoft Warns of Large-Scale Click Fraud Campaign Targeting Gamers

Microsoft said it's tracking an ongoing large-scale click fraud campaign targeting gamers by means of stealthily deployed browser extensions on compromised systems. "The attackers monetize clicks generated by a browser node-webkit or malicious browser extension secretly installed on devices,"...

chrome-js (>=0.1.8 <=0.2.0), cpos (>=0.1.3 <=0.1.9) +20 more potentially affected by CVE-2016-10580 via nodewebkit (>=0.10.0-rc1-3 <=0.11.6)

nodewebkit NPM version =0.10.0-rc1-3, =0.1.8, =0.1.3, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =0.0.24, =1.6.1, =0.0.0, =0.1.0, =1.0.1, =0.0.0, =0.0.22 and more Source cves: CVE-2016-10580 Source advisory: OSV:GHSA-GC6C-5V9W-XMHW...