What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2021-09-16 02:48:22 Third Critical Bug Affects Netgear Smart Switches - Details and PoC Released (lien direct) New details have been revealed about a recently remediated critical vulnerability in Netgear smart switches that could be leveraged by an attacker to potentially execute malicious code and take control of vulnerable devices. The flaw - dubbed "Seventh Inferno" (CVSS score: 9.8) - is part of a trio of security weaknesses, called Demon's Cries (CVSS score: 9.8) and Draconian Fear (CVSS score: 7.8) Vulnerability
The_Hackers_News.webp 2021-09-14 22:00:22 Microsoft Releases Patch for Actively Exploited Windows Zero-Day Vulnerability (lien direct) A day after Apple and Google rolled out urgent security updates, Microsoft has pushed software fixes as part of its monthly Patch Tuesday release cycle to plug 66 security holes affecting Windows and other components such as Azure, Office, BitLocker, and Visual Studio, including an actively exploited zero-day in its MSHTML Platform that came to light last week.  Of the 66 flaws, three are rated Vulnerability
The_Hackers_News.webp 2021-09-13 06:48:50 Critical Bug Reported in NPM Package With Millions of Downloads Weekly (lien direct) A widely used NPM package called 'Pac-Resolver' for the JavaScript programming language has been remediated with a fix for a high-severity remote code execution vulnerability that could be abused to run malicious code inside Node.js applications whenever HTTP requests are sent.  The flaw, tracked as CVE-2021-23406, has a severity rating of 8.1 on the CVSS vulnerability scoring system and affects Vulnerability
The_Hackers_News.webp 2021-09-09 22:07:33 Microsoft Warns of Cross-Account Takeover Bug in Azure Container Instances (lien direct) Microsoft on Wednesday said it remediated a vulnerability in its Azure Container Instances (ACI) services that could have been exploited by a malicious actor "to access other customers' information" in what the researcher described as the "first cross-account container takeover in the public cloud." An attacker exploiting the weakness could execute malicious commands on other users' containers, Vulnerability
The_Hackers_News.webp 2021-09-08 22:45:14 CISA Warns of Actively Exploited Zoho ManageEngine ADSelfService Vulnerability (lien direct) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday issued a bulletin warning of a zero-day flaw affecting Zoho ManageEngine ADSelfService Plus deployments that is currently being actively exploited in the wild. The flaw, tracked as CVE-2021-40539, concerns a REST API authentication bypass that could lead to arbitrary remote code execution (RCE). ADSelfService Plus Vulnerability Guideline
The_Hackers_News.webp 2021-09-08 05:33:28 HAProxy Found Vulnerable to Critical HTTP Request Smuggling Attack (lien direct) A critical security vulnerability has been disclosed in HAProxy, a widely used open-source load balancer and proxy server, that could be abused by an adversary to possibly smuggle HTTP requests, resulting in unauthorized access to sensitive data and execution of arbitrary commands, effectively opening the door to an array of attacks. Tracked as CVE-2021-40346, the Integer Overflow vulnerability Vulnerability
The_Hackers_News.webp 2021-09-07 03:05:28 Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server (lien direct) The maintainers of Jenkins - a popular open-source automation server software - have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in Atlassian Confluence service to install a cryptocurrency miner. The "successful attack," which is believed to have occurred last week, was mounted against its Vulnerability Threat
The_Hackers_News.webp 2021-09-04 00:50:47 Microsoft Says Chinese Hackers Were Behind SolarWinds Serv-U SSH 0-Day Attack (lien direct) Microsoft has shared technical details about a now-fixed, actively exploited critical security vulnerability affecting SolarWinds Serv-U managed file transfer service that it has attributed with "high confidence" to a threat actor operating out of China. In mid-July, the Texas-based company remedied a remote code execution flaw (CVE-2021-35211) that was rooted in Serv-U's implementation of the Vulnerability Threat
The_Hackers_News.webp 2021-09-04 00:19:02 U.S. Cyber Command Warns of Ongoing Attacks Exploiting Atlassian Confluence Flaw (lien direct) The U.S. Cyber Command on Friday warned of ongoing mass exploitation attempts in the wild targeting a now-patched critical security vulnerability affecting Atlassian Confluence deployments that could be abused by unauthenticated attackers to take control of a vulnerable system. "Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate," the Cyber National Vulnerability
The_Hackers_News.webp 2021-09-02 23:20:20 Cisco Issues Patch for Critical Enterprise NFVIS Flaw - PoC Exploit Available (lien direct) Cisco has patched a critical security vulnerability impacting its Enterprise Network Function Virtualization Infrastructure Software (NFVIS) that could be exploited by an attacker to take control of an affected system. Tracked as CVE-2021-34746, the weakness has been rated 9.8 out of a maximum of 10 on the Common Vulnerability Scoring System (CVSS) and could allow a remote attacker to circumvent Vulnerability
The_Hackers_News.webp 2021-09-02 03:07:25 WhatsApp Photo Filter Bug Could Have Exposed Your Data to Remote Attackers (lien direct) A now-patched high-severity security vulnerability in WhatsApp's image filter feature could have been abused to send a malicious image over the messaging app to read sensitive information from the app's memory. Tracked as CVE-2020-1910 (CVSS score: 7.8), the flaw concerns an out-of-bounds read/write and stems from applying specific image filters to a rogue image and sending the altered image to Vulnerability
The_Hackers_News.webp 2021-09-01 08:19:26 Linphone SIP Stack Bug Could Let Attackers Remotely Crash Client Devices (lien direct) Cybersecurity researchers on Tuesday disclosed details about a zero-click security vulnerability in Linphone Session Initiation Protocol (SIP) stack that could be remotely exploited without any action from a victim to crash the SIP client and cause a denial-of-service (DoS) condition. Tracked as CVE-2021-33056 (CVSS score: 7.5), the issue concerns a NULL pointer dereference vulnerability in the Vulnerability
The_Hackers_News.webp 2021-08-30 20:38:15 New Microsoft Exchange 'ProxyToken' Flaw Lets Attackers Reconfigure Mailboxes (lien direct) Details have emerged about a now-patched security vulnerability impacting Microsoft Exchange Server that could be weaponized by an unauthenticated attacker to modify server configurations, thus leading to the disclosure of Personally Identifiable Information (PII). The issue, tracked as CVE-2021-33766 (CVSS score: 7.3) and coined "ProxyToken," was discovered by Le Xuan Tuyen, a researcher at the Vulnerability Guideline
The_Hackers_News.webp 2021-08-27 02:24:09 Kaseya Issues Patches for Two New 0-Day Flaws Affecting Unitrends Servers (lien direct) U.S. technology firm Kaseya has released security patches to address two zero-day vulnerabilities affecting its Unitrends enterprise backup and continuity solution that could result in privilege escalation and authenticated remote code execution. The two weaknesses are part of a trio of vulnerabilities discovered and reported by researchers at the Dutch Institute for Vulnerability Disclosure ( Vulnerability
The_Hackers_News.webp 2021-08-27 00:59:36 Critical Cosmos Database Flaw Affected Thousands of Microsoft Azure Customers (lien direct) Cloud infrastructure security company Wiz on Thursday revealed details of a now-fixed Azure Cosmos database vulnerability that could have been potentially exploited to grant any Azure user full admin access to other customers' database instances without any authorization. The flaw, which grants read, write, and delete privileges, has been dubbed "ChaosDB," with Wiz researchers noting that "the Vulnerability
The_Hackers_News.webp 2021-08-25 22:58:32 Critical Flaw Discovered in Cisco APIC for Switches - Patch Released (lien direct) Cisco Systems on Wednesday issued patches to address a critical security vulnerability affecting the Application Policy Infrastructure Controller (APIC) interface used in its Nexus 9000 Series Switches that could be potentially abused to read or write arbitrary files on a vulnerable system. Tracked as CVE-2021-1577 (CVSS score: 9.1), the issue - which is due to improper access control - could Vulnerability
The_Hackers_News.webp 2021-08-19 23:47:08 Critical Flaw Found in Older Cisco Small Business Routers Won't Be Fixed (lien direct) A critical vulnerability in Cisco Small Business Routers will not be patched by the networking equipment giant, since the devices reached end-of-life in 2019. Tracked as CVE-2021-34730 (CVSS score: 9.8), the issue resides in the routers' Universal Plug-and-Play (UPnP) service, enabling an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart Vulnerability
The_Hackers_News.webp 2021-08-18 08:48:40 Critical ThroughTek SDK Bug Could Let Attackers Spy On Millions of IoT Devices (lien direct) A security vulnerability has been found affecting several versions of ThroughTek Kalay P2P Software Development Kit (SDK), which could be abused by a remote attacker to take control of an affected device and potentially lead to remote code execution. Tracked as CVE-2021-28372 (CVSS score: 9.6) and discovered by FireEye Mandiant in late 2020, the weakness concerns an improper access control flaw Vulnerability Guideline ★★★
The_Hackers_News.webp 2021-08-18 08:05:01 BadAlloc Flaw Affects BlackBerry QNX Used in Millions of Cars and Medical Devices (lien direct) A major vulnerability affecting older versions of BlackBerry's QNX Real-Time Operating System (RTOS) could allow malicious actors to cripple and gain control of a variety of products, including cars, medical, and industrial equipment. The shortcoming (CVE-2021-22156, CVSS score: 9.0) is part of a broader collection of flaws, collectively dubbed BadAlloc, that was originally disclosed by Vulnerability
The_Hackers_News.webp 2021-08-17 20:41:47 Unpatched Remote Hacking Flaw Disclosed in Fortinet's FortiWeb WAF (lien direct) Details have emerged about a new unpatched security vulnerability in Fortinet's web application firewall (WAF) appliances that could be abused by a remote, authenticated attacker to execute malicious commands on the system. "An OS command injection vulnerability in FortiWeb's management interface (version 6.3.11 and prior) can allow a remote, authenticated attacker to execute arbitrary commands Vulnerability
The_Hackers_News.webp 2021-08-13 01:32:51 Ransomware Gangs Exploiting Windows Print Spooler Vulnerabilities (lien direct) Ransomware operators such as Magniber and Vice Society are actively exploiting vulnerabilities in Windows Print Spooler to compromise victims and spread laterally across a victim's network to deploy file-encrypting payloads on targeted systems. "Multiple, distinct threat actors view this vulnerability as attractive to use during their attacks and may indicate that this vulnerability will Ransomware Vulnerability Threat
The_Hackers_News.webp 2021-08-11 22:23:20 Microsoft Security Bulletin Warns of New Windows Print Spooler RCE Vulnerability (lien direct) A day after releasing Patch Tuesday updates, Microsoft acknowledged yet another remote code execution vulnerability in the Windows Print Spooler component, adding that it's working to remediate the issue in an upcoming security update. Tracked as CVE-2021-36958 (CVSS score: 7.3), the unpatched flaw is the latest to join a list of bugs collectively known as PrintNightmare that have plagued the Vulnerability
The_Hackers_News.webp 2021-08-10 22:31:39 Microsoft Releases Windows Updates to Patch Actively Exploited Vulnerability (lien direct) Microsoft on Tuesday rolled out security updates to address a total of 44 security issues affecting its software products and services, one of which it says is an actively exploited zero-day in the wild. The update, which is the smallest release since December 2019, squashes seven Critical and 37 Important bugs in Windows, .NET Core & Visual Studio, Azure, Microsoft Graphics Component, Microsoft Vulnerability
The_Hackers_News.webp 2021-08-10 02:27:54 Hackers Exploiting New Auth Bypass Bug Affecting Millions of Arcadyan Routers (lien direct) Unidentified threat actors are actively exploiting a critical authentication bypass vulnerability to hijack home routers as part of an effort to co-opt them to a Mirai-variant botnet used for carrying out DDoS attacks, merely two days after its public disclosure. Tracked as CVE-2021-20090 (CVSS score: 9.9), the weakness concerns a path traversal vulnerability in the web interfaces of routers Vulnerability Threat
The_Hackers_News.webp 2021-08-09 06:43:39 A Critical Random Number Generator Flaw Affects Billions of IoT Devices (lien direct) A critical vulnerability has been disclosed in hardware random number generators used in billions of Internet of Things (IoT) devices whereby it fails to properly generate random numbers, thus undermining their security and putting them at risk of attacks. "It turns out that these 'randomly' chosen numbers aren't always as random as you'd like when it comes to IoT devices," Bishop Fox Vulnerability
The_Hackers_News.webp 2021-08-09 02:00:09 Pulse Secure VPNs Get New Urgent Update for Poorly Patched Critical Flaw (lien direct) Pulse Secure has shipped a fix for a critical post-authentication remote code execution (RCE) vulnerability in its Connect Secure virtual private network (VPN) appliances to address an incomplete patch for an actively exploited flaw it previously resolved in October 2020. "The Pulse Connect Secure appliance suffers from an uncontrolled archive extraction vulnerability which allows an attacker to Vulnerability
The_Hackers_News.webp 2021-08-06 03:34:12 New Amazon Kindle Bug Could've Let Attackers Hijack Your eBook Reader (lien direct) Amazon earlier this April addressed a critical vulnerability in its Kindle e-book reader platform that could have been potentially exploited to take full control over a user's device, resulting in the theft of sensitive information by just deploying a malicious e-book. "By sending Kindle users a single malicious e-book, a threat actor could have stolen any information stored on the device, from Vulnerability Threat
The_Hackers_News.webp 2021-08-06 01:00:08 India's Koo, a Twitter-like Service, Found Vulnerable to Critical Worm Attacks (lien direct) Koo, India's homegrown Twitter clone, recently patched a serious security vulnerability that could have been exploited to execute arbitrary JavaScript code against hundreds of thousands of its users, spreading the attack across the platform. The vulnerability involves a stored cross-site scripting flaw (also known as persistent XSS) in Koo's web application that allows malicious scripts to be Vulnerability
The_Hackers_News.webp 2021-08-06 00:12:57 VMware Issues Patches to Fix Critical Bugs Affecting Multiple Products (lien direct) VMware has released security updates for multiple products to address a critical vulnerability that could be exploited to gain access to confidential information. Tracked as CVE-2021-22002 (CVSS score: 8.6) and CVE-2021-22003 (CVSS score: 3.7), the flaws affect VMware Workspace One Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and Vulnerability
The_Hackers_News.webp 2021-07-27 00:28:48 Apple Releases Urgent 0-Day Bug Patch for Mac, iPhone and iPad Devices (lien direct) Apple on Monday rolled out an urgent security update for iOS, iPadOS, and macOS to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability Apple has patched since the start of this year. The updates, which arrive less than a week after the company released iOS 14.7, iPadOS 14.7, and macOS Big Sur 11.5 to the public, fixes a memory Vulnerability
The_Hackers_News.webp 2021-07-26 04:21:00 How to Mitigate Microsoft Windows 10, 11 SeriousSAM Vulnerability (lien direct) Microsoft Windows 10 and Windows 11 users are at risk of a new unpatched vulnerability that was recently disclosed publicly. As we reported last week, the vulnerability - SeriousSAM - allows attackers with low-level permissions to access Windows system files to perform a Pass-the-Hash (and potentially Silver Ticket) attack.  Attackers can exploit this vulnerability to obtain hashed passwords Vulnerability
The_Hackers_News.webp 2021-07-22 01:21:09 Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws (lien direct) Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system. Chief among them is CVE-2019-2729, a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that's remotely exploitable without Vulnerability
The_Hackers_News.webp 2021-07-20 23:50:33 New Windows and Linux Flaws Give Attackers Highest System Privileges (lien direct) Microsoft's Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions access Windows system files, in turn, enabling them to unmask the operating system installation password and even decrypt private keys. "Starting with Windows 10 build 1809, non-administrative users are granted Vulnerability
The_Hackers_News.webp 2021-07-20 04:47:36 16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printers (lien direct) Details have emerged about a high severity security vulnerability affecting a software driver used in HP, Xerox, and Samsung printers that has remained undetected since 2005. Tracked as CVE-2021-3438 (CVSS score: 8.8), the issue concerns a buffer overflow in a print driver installer package named "SSPORT.SYS" that can enable remote privilege and arbitrary code execution. Hundreds of millions of Vulnerability
The_Hackers_News.webp 2021-07-19 00:04:21 Researcher Uncover Yet Another Unpatched Windows Printer Spooler Vulnerability (lien direct) Merely days after Microsoft sounded the alarm on an unpatched security vulnerability in the Windows Print Spooler service, possibly yet another zero-day flaw in the same component has come to light, making it the fourth printer-related flaw to be discovered in recent weeks. "Microsoft Windows allows for non-admin users to be able to install printer drivers via Point and Print," CERT Coordination Vulnerability
The_Hackers_News.webp 2021-07-17 06:39:39 China's New Law Requires Researchers to Report All Zero-Day Bugs to Government (lien direct) The Cyberspace Administration of China (CAC) has issued new stricter vulnerability disclosures regulations that mandate security researchers uncovering critical flaws in computer systems to mandatorily disclose them first-hand to the government authorities within two days of filing a report. The "Regulations on the Management of Network Product Security Vulnerability" are expected to go into Vulnerability
The_Hackers_News.webp 2021-07-17 05:09:38 CloudFlare CDNJS Bug Could Have Led to Widespread Supply-Chain Attacks (lien direct) Web infrastructure and website security company Cloudflare last month fixed a critical vulnerability in its CDNJS library that's used by 12.7% of all websites on the internet. CDNJS is a free and open-source content delivery network (CDN) that serves about 4,041 JavaScript and CSS libraries, making it the second most popular CDN for JavaScript after Google Hosted Libraries. The weakness Vulnerability
The_Hackers_News.webp 2021-07-15 21:40:27 Microsoft Warns of New Unpatched Windows Print Spooler Vulnerability (lien direct) Microsoft on Thursday shared fresh guidance on yet another vulnerability affecting the Windows Print Spooler service, stating that it's working to address it in an upcoming security update. Tracked as CVE-2021-34481 (CVSS score: 7.8), the issue concerns a local privilege escalation flaw that could be abused to perform unauthorized actions on the system. The company credited security researcher Vulnerability
The_Hackers_News.webp 2021-07-12 21:52:02 Critical RCE Flaw in ForgeRock Access Manager Under Active Attack (lien direct) Cybersecurity agencies in Australia and the U.S. are warning of an actively exploited vulnerability impacting ForgeRock's OpenAM access management solution that could be leveraged to execute arbitrary code on an affected system remotely. "The [Australian Cyber Security Centre] has observed actors exploiting this vulnerability to compromise multiple hosts and deploy additional malware and tools," Malware Vulnerability ★★★
The_Hackers_News.webp 2021-07-12 20:58:35 A New Critical SolarWinds Zero-Day Vulnerability Under Active Attack (lien direct) SolarWinds, the Texas-based company that became the epicenter of a massive supply chain attack late last year, has issued patches to contain a remote code execution flaw in its Serv-U product. The fixes, which target Serv-U Managed File Transfer and Serv-U Secure FTP products, arrive after Microsoft notified the IT management and remote monitoring software maker that the flaw was being exploited Vulnerability
The_Hackers_News.webp 2021-07-08 02:32:24 How to Mitigate Microsoft Print Spooler Vulnerability – PrintNightmare (lien direct) This week, PrintNightmare - Microsoft's Print Spooler vulnerability (CVE-2021-34527) was upgraded from a 'Low' criticality to a 'Critical' criticality. This is due to a Proof of Concept published on GitHub, which attackers could potentially leverage for gaining access to Domain Controllers. As we reported earlier, Microsoft already released a patch in June 2021, but it wasn't enough to stop Vulnerability
The_Hackers_News.webp 2021-07-07 21:41:19 Microsoft's Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability (lien direct) Even as Microsoft expanded patches for the so-called PrintNightmare vulnerability for Windows 10 version 1607, Windows Server 2012, and Windows Server 2016, it has come to light that the patch for the remote code execution exploit in the Windows Print Spooler service can be bypassed in certain scenarios, effectively defeating the security protections and permitting attackers to run arbitrary Vulnerability
The_Hackers_News.webp 2021-07-06 20:38:13 Microsoft Issues Emergency Patch for Critical Windows PrintNightmare Vulnerability (lien direct) Microsoft has shipped an emergency out-of-band security update to address a critical zero-day vulnerability - known as "PrintNightmare" - that affects the Windows Print Spooler service and can permit remote threat actors to run arbitrary code and take over vulnerable systems. Tracked as CVE-2021-34527 (CVSS score: 8.8), the remote code execution flaw impacts all supported editions of Windows. Vulnerability Threat ★★★★
The_Hackers_News.webp 2021-07-04 23:42:47 Microsoft Urges Azure Users to Update PowerShell to Patch RCE Flaw (lien direct) Microsoft is urging Azure users to update the PowerShell command-line tool as soon as possible to protect against a critical remote code execution vulnerability impacting .NET Core. The issue, tracked as CVE-2021-26701 (CVSS score: 8.1), affects PowerShell versions 7.0 and 7.1 and has been remediated in versions 7.0.6 and 7.1.3, respectively. Windows PowerShell 5.1 isn't impacted by the flaw. Tool Vulnerability
The_Hackers_News.webp 2021-07-04 22:22:23 REvil Used 0-Day in Kaseya Ransomware Attack, Demands $70 Million Ransom (lien direct) Amidst the massive supply-chain ransomware attack that triggered an infection chain compromising thousands of businesses on Friday, new details have emerged about how the notorious Russia-linked REvil cybercrime gang may have pulled off the unprecedented hack. The Dutch Institute for Vulnerability Disclosure (DIVD) on Sunday revealed it had alerted Kaseya to a number of zero-day vulnerabilities Ransomware Vulnerability
The_Hackers_News.webp 2021-07-02 06:01:32 New Mirai-Inspired Botnet Could Be Using Your KGUARD DVRs in Cyber Attacks (lien direct) Cybersecurity researchers on Thursday revealed details about a new Mirai-inspired botnet called "mirai_ptea" that leverages an undisclosed vulnerability in digital video recorders (DVR) provided by KGUARD to propagate and carry out distributed denial-of-service (DDoS) attacks. Chinese security firm Netlab 360 pinned the first probe against the flaw on March 23, 2021, before it detected active Vulnerability
The_Hackers_News.webp 2021-07-01 23:01:04 Microsoft Warns of Critical "PrintNightmare" Flaw Being Exploited in the Wild (lien direct) Microsoft on Thursday officially confirmed that the "PrintNightmare" remote code execution (RCE) vulnerability affecting Windows Print Spooler is different from the issue the company addressed as part of its Patch Tuesday update released earlier this month, while warning that it has detected exploitation attempts targeting the flaw. The company is tracking the security weakness under the Vulnerability
The_Hackers_News.webp 2021-06-30 04:28:07 Researchers Leak PoC Exploit for a Critical Windows RCE Vulnerability (lien direct) A proof-of-concept (PoC) exploit related to a remote code execution vulnerability affecting Windows Print Spooler and patched by Microsoft earlier this month was briefly published online before being taken down. Identified as CVE-2021-1675, the security issue could grant remote attackers full control of vulnerable systems. Print Spooler manages the printing process in Windows, including loading Vulnerability
The_Hackers_News.webp 2021-06-29 06:06:56 Unpatched Virtual Machine Takeover Bug Affects Google Compute Engine (lien direct) An unpatched security vulnerability affecting Google's Compute Engine platform could be abused by an attacker to take over virtual machines over the network. "This is done by impersonating the metadata server from the targeted virtual machine's point of view," security researcher Imre Rad said in an analysis published Friday. "By mounting this exploit, the attacker can grant access to themselves Vulnerability
The_Hackers_News.webp 2021-06-28 06:08:38 Microsoft Edge Bug Could\'ve Let Hackers Steal Your Secrets for Any Site (lien direct) Microsoft last week rolled out updates for the Edge browser with fixes for two security issues, one of which concerns a security bypass vulnerability that could be exploited to inject and execute arbitrary code in the context of any website. Tracked as CVE-2021-34506 (CVSS score: 5.4), the weakness stems from a universal cross-site scripting (UXSS) issue that's triggered when automatically Vulnerability
Last update at: 2024-05-14 13:08:28