Mastodawn

Du hast sicher schon erlebt, dass eine Variable „weg“ ist, sobald eine Methode fertig ist. Gleichzeitig scheinen Objekte manchmal ewig zu leben - bis plötzlich der Speicher knapp wird. Das ist kein Zufall, sondern hängt daran, *wo* Java Dinge ablegt. Wenn du Heap, Stack und Metaspace einmal sa

https://magicmarcy.de/heap-stack-und-metaspace-warum-variablen-verschwinden-und-objekte-nicht

#Heap #Stack #Metaspace #Lebensdauer #Speicher #Xms #Xmx #Xss #Programming #Java #JVM #Coding

Heap, Stack und Metaspace - Warum Variablen verschwinden und Objekte nicht | magicmarcy.de

magicmarcy.de

Marcel SIneM(S)US 1d ago

Warnung vor Angriffen auf Cisco FMC, #SharePoint und #Zimbra | Security https://www.heise.de/news/Warnung-vor-Angriffen-auf-Cisco-FMC-SharePoint-und-Zimbra-11217003.html #Patchday #XSS #CrossSiteScripting

Warnung vor Angriffen auf Cisco FMC, SharePoint und Zimbra

Cyberkriminelle greifen derzeit Schwachstellen in Cisco FMC, SharePoint und Zimbra an. Updates zum Schließen der Lücken stehen bereit.

heise online

Marcel SIneM(S)US 1d ago

Webmailer #Roundcube: Kritische Lücken erlauben Dateimanipulation und mehr | Security https://www.heise.de/news/Webmailer-Roundcube-Kritische-Luecken-erlauben-Dateimanipulation-und-mehr-11217824.html #Patchday #XSS #CrossSiteScripting

Webmailer Roundcube: Kritische Lücken erlauben Dateimanipulation und mehr

Angreifer hätten beliebige Dateien auf den Webserver schreiben, Skriptcode einschleusen und Inhaltsfilter umgehen können.

heise online

github.com/ghostwriter 2d ago

Vulnerability in REST API allows attackers to upload executable files.

Unrestricted file upload: all #Magento #OpenSource and #AdobeCommerce versions up to 2.4.9-alpha2

#XSS: all versions pre-2.3.5 or custom webserver config

#RCE via #PHP upload: #nginx 2.0.0–2.2.x (via index.php filename), any non-stock version nginx passing all .php to fastcgi, #Apache pre-2.3.5 without php_flag engine 0

Patched: 2.4.9-alpha3+ (pre-release only)

https://www.bleepingcomputer.com/news/security/new-polyshell-flaw-allows-unauthenticated-rce-on-magento-e-stores/

https://sansec.io/research/magento-polyshell

#Magento2

New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores

A newly disclosed vulnerability dubbed 'PolyShell' affects all Magento Open Source and Adobe Commerce stable version 2 installations, allowing unauthenticated code execution and account takeover.

BleepingComputer

The New Oil 2d ago

#CISA orders feds to patch #Zimbra #XSS flaw exploited in attacks

https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-zimbra-xss-flaw-exploited-in-attacks/

#cybersecurity

CISA orders feds to patch Zimbra XSS flaw exploited in attacks

CISA has ordered U.S. government agencies to secure their servers against an actively exploited vulnerability in the Zimbra Collaboration Suite (ZCS).

BleepingComputer

heise online English 3d ago

Webmailer Roundcube: Critical vulnerabilities allow file manipulation and more

Attackers could write arbitrary files to the web server, inject script code, and bypass content filters.

https://www.heise.de/en/news/Webmailer-Roundcube-Critical-vulnerabilities-allow-file-manipulation-and-more-11217923.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#XSS #IT #Security #Sicherheitslücken #news

Webmailer Roundcube: Critical vulnerabilities allow file manipulation and more

Attackers could write arbitrary files to the web server, inject script code, and bypass content filters.

heise online

heise Security 3d ago

Webmailer Roundcube: Kritische Lücken erlauben Dateimanipulation und mehr

Angreifer hätten beliebige Dateien auf den Webserver schreiben, Skriptcode einschleusen und Inhaltsfilter umgehen können.

https://www.heise.de/news/Webmailer-Roundcube-Kritische-Luecken-erlauben-Dateimanipulation-und-mehr-11217824.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#XSS #IT #Security #Sicherheitslücken #news

Webmailer Roundcube: Kritische Lücken erlauben Dateimanipulation und mehr

Angreifer hätten beliebige Dateien auf den Webserver schreiben, Skriptcode einschleusen und Inhaltsfilter umgehen können.

heise online

Offensive Sequence 3d ago

🚨 OpenProject CRITICAL XSS (CVE-2026-32703): Attackers with repo push access can inject persistent scripts via filenames, impacting all users viewing affected pages. Patch to 16.6.9/17.0.6/17.1.3/17.2.1+ now! https://radar.offseq.com/threat/cve-2026-32703-cwe-79-improper-neutralization-of-i-f2afc489 #OffSeq #XSS #OpenProject #infosec

Offensive Sequence 3d ago

⚠️ CRITICAL: CVE-2026-32703 in OpenProject (<16.6.9, <17.0.6, <17.1.3, <17.2.1) enables persistent XSS via repo filenames. Attackers w/ push access can inject scripts — risk: session hijack, data theft. Patch now! https://radar.offseq.com/threat/cve-2026-32703-cwe-79-improper-neutralization-of-i-f2afc489 #OffSeq #XSS #OpenProject #Vuln

Frontend Dogma 4d ago

Goodbye “innerHTML”, Hello “setHTML”: Stronger XSS Protection in Firefox 148, by @mozilla.org:

https://hacks.mozilla.org/2026/02/goodbye-innerhtml-hello-sethtml-stronger-xss-protection-in-firefox-148/

#javascript #methods #xss #security #firefox #mozilla #browsers

Goodbye innerHTML, Hello setHTML: Stronger XSS Protection in Firefox 148 – Mozilla Hacks - the Web developer blog

Cross-site scripting (XSS) remains one of the most prevalent vulnerabilities on the web. The new standardized Sanitizer API provides a straightforward way for web developers to sanitize untrusted HTML before inserting it into the DOM. Firefox 148 is the first browser to ship this standardized security enhancing API, advancing a safer web for everyone. We expect other browsers to follow soon.

Mozilla Hacks – the Web developer blog