MEGA Cloud Storage Service
June 22, 2022
Description: Reflected XSS via filter bypass on /api/module using type= parameter. Proof of Concept: `https://demo.microweber.org/demo/api/module?type=&live_edit=true&from_url=test` T ...
June 22, 2022
A phishing campaign is using voicemail notification messages to go after victims' Office 365 credentials. According to researchers at ZScaler, the campaign uses spoofed emails with an HTML attachm ...
June 22, 2022
Impact: All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of ins ...
June 21, 2022
Impact: An attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally we convert to a `URL` object. The URL instantiation would fail due ...
June 21, 2022
Impact: All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a `javascript:` link in the UI. When clicked by ...
June 21, 2022