Drupal core – Moderately critical – Third-party libraries – SA-CORE-2022-006
Project: Drupal core Date: 2022-March-21 Security risk: Moderately critical 11∕25 AC:Complex/A:None/CI:None/II:Some/E:Theoretical/TD:Default Vulnerability: Third-party libraries CVE IDs: CVE-2022-24775 Description: Drupal uses the third-party Guzzle library for...
CVE-2021-25019
The SEO Plugin by Squirrly SEO WordPress plugin before 11.1.12 does not escape the type parameter before outputting it back in an attribute in an...
CVE-2021-24905
The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not...
New Mexico Appoints Cybersecurity Advisor
Annie Winterfield Manriquez becomes state’s first senior advisor for Cybersecurity and Critical Infrastructure
FTC Accuses CafePress of Data Breach “Cover-Up”
Commission orders e-commerce platform to compensate small businesses and improve security
Dental Care Data Breach May Impact 1 Million Texans
Social Security numbers at risk in state’s largest reported breach since notification law enacted
Scottish mental health charity “devastated” by heartless RansomEXX ransomware attack
The RansomEXX ransomware gang has seen fit to publish on the dark web 12GB of data stolen from SAMH, including unredacted photographs of individuals' driving...
Open-Xchange Security Advisory 2022-03-21
Posted by Martin Heiland via Fulldisclosure on Mar 21 Dear subscribers, we're sharing our latest advisory with you and like to thank everyone who contributed...
Developer Sabotages Open-Source Software Package
This is a big deal: A developer has been caught adding malicious code to a popular open-source package that wiped files on computers located in...
CVE-2020-24772
In Dreamacro 1.1.0, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and...