FreshRSS

The Hacker News

WordPress Releases Update 6.4.2 to Address Critical Remote Attack Vulnerability

By Newsroom — December 8th 2023 at 09:23
WordPress has released version 6.4.2 with a patch for a critical security flaw that could be exploited by threat actors by combining it with another bug to execute arbitrary PHP code on vulnerable sites. "A remote code execution vulnerability that is not directly exploitable in core; however, the security team feels that there is a potential for high severity when combined with some plugins,
Naked Security

Popular JWT cloud security library patches “remote” code execution hole

By Paul Ducklin — January 10th 2023 at 19:59
It's remotely triggerable, but attackers would already have pretty deep network access if they could "prime" your server for compromise.

The Hacker News

Severe Security Flaw Found in "jsonwebtoken" Library Used by 22,000+ Projects

By Ravie Lakshmanan — January 10th 2023 at 08:54
A high-severity security flaw has been disclosed in the open source jsonwebtoken (JWT) library that, if successfully exploited, could lead to remote code execution on a target server. "By exploiting this vulnerability, attackers could achieve remote code execution (RCE) on a server verifying a maliciously crafted JSON web token (JWT) request," Palo Alto Networks Unit 42 researcher Artur Oleyarsh
The Hacker News

High-Severity RCE Vulnerability Reported in Popular Fastjson Library

By Ravie Lakshmanan — June 16th 2022 at 08:25
Cybersecurity researchers have detailed a recently patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution. Tracked as CVE-2022-25845 (CVSS score: 8.1), the issue relates to a case of deserialization of untrusted data in a supported feature called "AutoType." It was patched by the project maintainers in 