all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Vulnerabilities in Popular Fonts Allow XXE Attacks and Arbitrary Command Execution

Add to bookmarks
March 11, 2024, 11:06 a.m. | Dhivya

Cyber Security News cybersecuritynews.com

The popular fonts used in web development and design can be exploited to launch XML External Entity (XXE) attacks and execute arbitrary commands. These vulnerabilities, identified as CVE-2023-45139, CVE-2024-25081, and CVE-2024-25082, pose a significant threat, allowing for XML External Entity (XXE) attacks and arbitrary command execution.  This poses a significant security risk to users and […]


The post Vulnerabilities in Popular Fonts Allow XXE Attacks and Arbitrary Command Execution appeared first on Cyber Security News.

attacks can command cve design development exploited external fonts launch popular threat vulnerabilities vulnerability web web development xml xxe

Visit resource

More from cybersecuritynews.com / Cyber Security News

Dropbox Sign Hacked: Attackers Stolen API Keys, MFA, & Hashed Passwords 3 hours ago | cybersecuritynews.com
access api api keys april +27
Top 8 SSPM Tools to Secure Your SaaS Stack in 2024 15 hours ago | cybersecuritynews.com
applications as-a-service automation businesses +24
Hackers Infiltrated 9-days Within UnitedHealth Network Before Ransomware Attack 22 hours ago | cybersecuritynews.com
alphv attack blackcat breach +21
Malware Cuckoo – Previously Unknown Infosteler Spyware Steals Data From MacOS 23 hours ago | cybersecuritynews.com
april bird code cuckoo +16
Postman API Testing Platform Flaw Exposes Sensitive Credentials 1 day, 1 hour ago | cybersecuritynews.com
api api testing credentials cyber security +19
Millions of Docker Hub Repositories Found Pushing Malware for Over 5 Years 1 day, 2 hours ago | cybersecuritynews.com
access applications cyber security developers +19
Investigating Two TeamCity Authentication Bypass Vulnerabilities 1 day, 14 hours ago | cybersecuritynews.com
access account account takeovers array +29
Threat Actors Claiming of 0-Day Vulnerability in Zyxel VPN Device 1 day, 16 hours ago | cybersecuritynews.com
0-day vulnerability access attackers claim +18
Muddling Meerkat Using DNS As A Powerful Weapon For Sophistication 1 day, 17 hours ago | cybersecuritynews.com
actor attacks china chinese +32

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Senior Software Engineer, Security

@ Niantic | Zürich, Switzerland
View on infosec-jobs.com

Consultant expert en sécurité des systèmes industriels (H/F)

@ Devoteam | Levallois-Perret, France
View on infosec-jobs.com

Cybersecurity Analyst

@ Bally's | Providence, Rhode Island, United States
View on infosec-jobs.com

Digital Trust Cyber Defense Executive

@ KPMG India | Gurgaon, Haryana, India
View on infosec-jobs.com

Program Manager - Cybersecurity Assessment Services

@ TestPros | Remote (and DMV), DC
View on infosec-jobs.com
View more jobs