
21 matches found

RedhatCVE
added 2025/05/23 4:40 a.m. | 9 views

CVE-2023-0214

A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be...

6.1 CVSS | 6.2 AI score | 0.0189 EPSS
Exploits: 4 | References: 1

Veracode
added 2024/05/20 9:43 a.m. | 9 views

Open Redirect

drupal/drupal is vulnerable to Open Redirect. The vulnerability is due to the insecure handling of the "destination" query string parameter in Drupal core and contributed modules. This allows malicious users to craft URLs that redirect unsuspecting users to third-party websites...

7 AI score
Exploits: 0

Schneier on Security
added 2024/04/03 11:1 a.m. | 19 views

Class-Action Lawsuit against Google’s Incognito Mode

The lawsuit has been settled: Google has agreed to delete "billions of data records" the company collected while users browsed the web using Incognito mode, according to documents filed in federal court in San Francisco on Monday. The agreement, part of a settlement in a class action lawsuit file...

6.9 AI score
Exploits: 0

Malwarebytes
added 2024/04/01 5:58 p.m. | 18 views

Free VPN apps turn Android phones into criminal proxies

Researchers at HUMAN’s Satori Threat Intelligence have discovered a disturbing number of VPN apps that turn users' devices into proxies for cybercriminals without their knowledge, as part of a campaign called PROXYLIB. Cybercriminals and state actors like to send their traffic through other people...

7.5 AI score
Exploits: 0

The Hacker News
added 2024/01/31 11:0 a.m. | 27 views

Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware

A financially motivated threat actor known as UNC4990 is leveraging weaponized USB devices as an initial infection vector to target organizations in Italy. Google-owned Mandiant said the attacks single out multiple industries, including health, transportation, construction, and logistics. "UNC499...

8.1 AI score
Exploits: 0

Securelist
added 2023/06/05 10:0 a.m. | 28 views

Satacom delivers browser extension that steals cryptocurrency

Satacom downloader, also known as LegionLoader, is a renowned malware family that emerged in 2019. It is known to use the technique of querying DNS servers to obtain the base64-encoded URL in order to receive the next stage of another malware family currently distributed by Satacom. The Satacom...

7.4 AI score
Exploits: 0

Apple
added 2022/01/26 12:0 a.m. | 67 views

About the security content of Safari 15.3

About the security content of Safari 15.3 This document describes the security content of Safari 15.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

8.8 CVSS | 8.8 AI score | 0.01973 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2021/12/08 10:15 p.m. | 14 views

CVE-2021-43540

WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox 95...

6.5 CVSS | 0.00862 EPSS
Exploits: 0 | References: 3

Debian CVE
added 2021/12/08 9:20 p.m. | 19 views

CVE-2021-43540

WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox 95...

6.5 CVSS | 8.4 AI score | 0.00862 EPSS
Exploits: 0

AlpineLinux
added 2021/12/08 9:20 p.m. | 42 views

CVE-2021-43540

WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox 95...

6.5 CVSS | 7 AI score | 0.00862 EPSS
Exploits: 0

Apple
added 2020/09/16 12:0 a.m. | 361 views

About the security content of Safari 14.0

About the security content of Safari 14.0 This document describes the security content of Safari 14.0. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

8.8 CVSS | 8.3 AI score | 0.02236 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Apple
added 2019/12/10 12:0 a.m. | 17 views

About the security content of Xcode 11.3

About the security content of Xcode 11.3 This document describes the security content of Xcode 11.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

8.8 CVSS | 9 AI score | 0.01274 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Node.js
added 2019/08/01 7:28 p.m. | 14 views

Open Redirect

Overview Versions of serve prior to 11.3.2 are vulnerable to Open Redirect. The package redirected requests to third-party websites for URLs such as localhost:5000//example.com/index. The user would be redirected to example.com. Recommendation Upgrade to version 11.3.2 or later. References...

6.9 AI score
Exploits: 0 | Affected Software: 1

Malwarebytes
added 2019/02/04 5:30 p.m. | 126 views

Movie stream ebooks gun for John Wick 3 on Kindle store

We discovered a novel spam campaign over the weekend, targeting fans of John Wick on the Amazon Kindle store. The scam itself involves paying for what appears to be the upcoming third movie, turns into a bogus ebook, and goes on to hyperlink potential victims to a collection of third-party...

7 AI score
Exploits: 0

ThreatPost
added 2017/12/04 3:28 p.m. | 9 views

Google Cracks Down On Nosy Android Apps

Google is cracking down on unwanted and harmful Android apps with a new effort that will show warnings on applications and on third-party websites distributing apps that collect personal data without user consent. The effort is an expansion of the Google Safe Browsing team’s mission to enforce th...

Exploits: 0 | References: 4

Apple
added 2017/10/31 12:0 a.m. | 27 views

About the security content of iCloud for Windows 7.1

About the security content of iCloud for Windows 7.1 This document describes the security content of iCloud for Windows 7.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

8.8 CVSS | 0.3 AI score | 0.06712 EPSS
Exploits: 44 | References: 1 | Affected Software: 1

Hacker One
added 2017/02/27 4:10 p.m. | 46 views

Automattic: Cross Domain leakage of sensitive information - Leading to Account Takeover at Instagram Brand

Product / URL https://instagram-brand.com/register/reset/?email= Description and Impact After a user clicks on the password reset link obtained in inbox, the page for password resetting functionality opens. If you monitor the HTTP Requests that are done while that page is loaded, you will come to...

6.9 AI score
Exploits: 0

The Hacker News
added 2016/08/27 6:34 a.m. | 11 views

Opera Browser Sync Service Hacked; Users' Data and Saved Passwords Compromised

Opera has reset passwords of all users for one of its services after hackers were able to gain access to one of its Cloud servers this week. Opera Software reported a security breach last night, which affects all users of the sync feature of its web browser. So, if you’ve been using Opera’s Cloud...

7.4 AI score
Exploits: 0

Apple
added 2016/06/20 12:0 a.m. | 33 views

About the security content of AirPort Base Station Firmware Update 7.6.7 and 7.7.7

About the security content of AirPort Base Station Firmware Update 7.6.7 and 7.7.7 This document describes the security content of AirPort Base Station Firmware Update 7.6.7 and 7.7.7. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full...

10 CVSS | 9.4 AI score | 0.03926 EPSS
Exploits: 0 | References: 1 | Affected Software: 2

Mozilla
added 2015/12/15 12:0 a.m. | 47 views

Cross-origin information leak through web workers error events — Mozilla

Security researcher Masato Kinugawa reported a cross-origin information leak through the error events in web workers. This violates same-origin policy and the leaked information could potentially be used by a malicious party to gather authentication tokens and other data from third-party websites...

5 CVSS | 6.7 AI score | 0.02529 EPSS
Exploits: 0 | References: 3 | Affected Software: 1