Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training Security Vulnerabilities

ubuntu

WebKitGTK vulnerabilities

Releases: Ubuntu 24.04 LTS, Ubuntu 23.10, Ubuntu 22.04 LTS. Packages: webkit2gtk - Web content engine library for GTK+. Details: Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could...

6.9AI Score

0.0004EPSS

2024-05-28 12:00 AM
packetstorm

7.4AI Score

0.0004EPSS

2024-05-28 12:00 AM
ubuntu

amavisd-new vulnerability

Releases: Ubuntu 24.04 LTS, Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS. Packages: amavisd-new - Interface between MTA and virus scanner/content filters. Details: It was discovered that amavisd-new incorrectly handled certain MIME email messages with multiple boundary parameters. A remote...

7.2AI Score

0.0004EPSS

2024-05-28 12:00 AM
zdt

7.4AI Score

0.0004EPSS

2024-05-28 12:00 AM
packetstorm

7.4AI Score

2024-05-28 12:00 AM
packetstorm

7.4AI Score

2024-05-28 12:00 AM
ubuntu

LibreOffice vulnerability

Releases: Ubuntu 24.04 LTS, Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS. Packages: libreoffice - Office productivity suite. Details: Amel Bouziane-Leblond discovered that LibreOffice incorrectly handled graphic on-click bindings. If a user were tricked into clicking a graphic in a specially...

7AI Score

0.0004EPSS

2024-05-28 12:00 AM
cvelist

CVE-2024-29078

Incorrect permission assignment for critical resource issue exists in MosP kintai kanri V4.6.6 and earlier, which may allow a remote unauthenticated attacker with access to the product to alter the product...

7.3AI Score

2024-05-27 11:52 PM
cvelist

CVE-2024-28880

Path traversal vulnerability in MosP kintai kanri V4.6.6 and earlier allows a remote attacker who can log in to the product to obtain sensitive information of the...

6.7AI Score

2024-05-27 11:50 PM
redhatcve

CVE-2024-35219

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

6.9AI Score

2024-05-27 10:29 PM
osv

CVE-2024-35238

Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that...

7.1AI Score

2024-05-27 06:15 PM
cve

CVE-2024-35238

Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that...

5.3CVSS

7.4AI Score

2024-05-27 06:15 PM
cvelist

CVE-2024-35238 Denial of service of Minder Server from maliciously crafted GitHub attestations

Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that...

7.1AI Score

2024-05-27 05:12 PM
osv

CVE-2024-35219

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

6.8AI Score

2024-05-27 04:15 PM
cve

CVE-2024-35219

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

8.3CVSS

7.1AI Score

2024-05-27 04:15 PM
cvelist

CVE-2024-35219 OpenAPI Generator Online - Arbitrary File Read/Delete

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

6.9AI Score

2024-05-27 04:11 PM
githubexploit

Exploit for Deserialization of Untrusted Data in Vmware Spring For Apache Kafka

CVE-2023-34040 Spring Kafka Deserialization Remote Code...

7.8AI Score

0.0004EPSS

2024-05-27 03:57 PM
githubexploit

Exploit for CVE-2024-3552

CVE-2024-3552-Poc CVE-2024-3552 Web Directory Free <=...

7.9AI Score

2024-05-27 03:36 PM
securelist

Message board scams

Marketplace fraud is nothing new. Cybercriminals swindle money out of buyers and sellers alike. Lately, we've seen a proliferation of cybergangs operating under the Fraud-as-a-Service model and specializing in tricking users of online marketplaces, in particular, message boards. Criminals are...

6.4AI Score

2024-05-27 01:00 PM
kitploit

SherlockChain - A Streamlined AI Analysis Framework For Solidity, Vyper And Plutus Contracts

SherlockChain is a powerful smart contract analysis framework that combines the capabilities of the renowned Slither tool with advanced AI-powered features. Developed by a team of security experts and AI researchers, SherlockChain offers unparalleled insights and vulnerability detection for...

7.4AI Score

2024-05-27 12:30 PM
githubexploit

Exploit for CVE-2024-21683

Usage python poc.py -u...

6.8AI Score

0.0004EPSS

2024-05-27 11:14 AM
redhatcve

CVE-2024-26256

A flaw was found in the libarchive library. A heap-based buffer overflow in the execute_filter_e8 function in the libarchive/archive_read_support_format_rar.c file can be triggered when a specially crafted RAR archive is processed, causing a crash to the application linked to the library, and...

6.6AI Score

0.001EPSS

2024-05-27 11:08 AM
securelist

Threat landscape for industrial automation systems, Q1 2024

Global statistics Statistics across all threats In the first quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.3 pp from the previous quarter to 24.4%. Compared to the first quarter of 2023, the percentage decreased by 1.3 pp. Percentage of...

7.5AI Score

2024-05-27 10:00 AM
malwarebytes

A week in security (May 20 – May 26)

Last week on Malwarebytes Labs: How AI will change your credit card behind the scenes Criminal record database of millions of Americans dumped online Microsoft AI "Recall" feature records everything, secures far less How to remove a user from a shared Android device How to remove a user from a...

7.3AI Score

2024-05-27 07:24 AM
githubexploit

Exploit for CVE-2024-30056

Microsoft-Edge-Information-Disclosure CVE-2024-30056...

6.5AI Score

2024-05-27 06:37 AM
cve

CVE-2024-35297

Cross-site scripting vulnerability exists in WP Booking versions prior to 2.4.5. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the...

6.8AI Score

0.0004EPSS

2024-05-27 05:15 AM
cve

CVE-2024-35291

Cross-site scripting vulnerability exists in Splunk Config Explorer versions prior to 1.7.16. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the...

6.9AI Score

0.0004EPSS

2024-05-27 05:15 AM
cvelist

CVE-2024-35297

Cross-site scripting vulnerability exists in WP Booking versions prior to 2.4.5. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the...

6.7AI Score

0.0004EPSS

2024-05-27 04:40 AM
cvelist

CVE-2024-35291

Cross-site scripting vulnerability exists in Splunk Config Explorer versions prior to 1.7.16. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the...

6.6AI Score

0.0004EPSS

2024-05-27 04:39 AM
f5

K000139793: MacOS vulnerability CVE-2023-41993

Security Advisory Description The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7....

7.1AI Score

0.001EPSS

2024-05-27 12:00 AM
openvas

Debian: Security Advisory (DLA-3821-1)

The remote host is missing an update for the...

7.5AI Score

0.0004EPSS

2024-05-27 12:00 AM
cve

CVE-2024-5383

A vulnerability classified as problematic has been found in lakernote EasyAdmin up to 20240324. This affects an unknown part of the file /sys/file/upload. The manipulation of the argument file leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

3.5CVSS

6.5AI Score

2024-05-26 11:15 PM
cvelist

CVE-2024-5383 lakernote EasyAdmin upload cross site scripting

A vulnerability classified as problematic has been found in lakernote EasyAdmin up to 20240324. This affects an unknown part of the file /sys/file/upload. The manipulation of the argument file leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

6.5AI Score

2024-05-26 11:00 PM
githubexploit

Exploit for CVE-2024-4443

CVE-2024-4443-Poc CVE-2024-4443 Business Directory Plugin –...

7.9AI Score

0.001EPSS

2024-05-26 04:34 PM
githubexploit

7.9AI Score

0.004EPSS

2024-05-26 03:43 PM
githubexploit

Exploit for CVE-2024-4956

README.md CVE-2024-4956 Bulk Scanner Disclaimer ...

6.5AI Score

0.001EPSS

2024-05-26 06:50 AM
debian

[SECURITY] [DLA 3821-1] libreoffice security update

Debian LTS Advisory DLA-3821-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 26, 2024 https://wiki.debian.org/LTS Package : libreoffice Version : 1:6.1.5-3+deb10u12 CVE...

6.5AI Score

2024-05-26 06:43 AM
fedora

[SECURITY] Fedora 40 Update: rust-zram-generator-1.1.2-11.fc40

This is a systemd unit generator that enables swap on zram. (With zram, there is no physical swap device. Part of the available RAM is used to store compressed pages, essentially trading CPU cycles for memory.) To activate, install zram-generator-defaults...

7AI Score

2024-05-26 01:29 AM
fedora

[SECURITY] Fedora 40 Update: rust-varlink_generator-10.1.0-6.fc40

Rust code generator for the varlink...

7.6AI Score

2024-05-26 01:29 AM
fedora

[SECURITY] Fedora 40 Update: rust-names-0.14.0-2.fc40

A random name generator with names suitable for use in container instances, project names, application instances,...

7.3AI Score

2024-05-26 01:29 AM
fedora

[SECURITY] Fedora 40 Update: rust-cargo-readme-3.3.1-3.fc40

A cargo subcommand to generate README.md content from doc...

7.2AI Score

2024-05-26 01:28 AM
fedora

[SECURITY] Fedora 40 Update: rust-bitvec_helpers-3.1.4-1.fc40

BitVec based bitstream reader and...

7.3AI Score

2024-05-26 01:28 AM
fedora

[SECURITY] Fedora 40 Update: loupe-46.2-2.fc40

An image viewer application written with GTK 4, Libadwaita and Rust. Features: - Fast GPU accelerated image rendering with tiled rendering for SVGs - Extendable and sandboxed (except SVG) image decoding - Support for more than 15 image formats by default - Extensive support for touchpad and...

7.4AI Score

2024-05-26 01:28 AM
fedora

[SECURITY] Fedora 40 Update: glycin-loaders-1.0.1-4.fc40

Sandboxed and extendable image...

7.3AI Score

2024-05-26 01:28 AM
fedora

[SECURITY] Fedora 40 Update: buildah-1.35.4-1.fc40

The buildah package provides a command line tool which can be used to * create a working container from scratch or * create a working container from an image as a starting point * mount/umount a working container's root file system for manipulation * save container's root file system layer to...

7AI Score

0.0004EPSS

2024-05-26 01:27 AM
nessus

Debian dla-3821 : fonts-opensymbol - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3821 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3821-1 [email protected] ...

7.1AI Score

2024-05-26 12:00 AM
nuclei

DedeCMS 5.7.87 - Directory Traversal

Directory traversal vulnerability in DedeCMS 5.7.87 allows reading sensitive files via the $activepath...

7AI Score

0.001EPSS

2024-05-25 07:15 PM
kitploit

JA4+ - Suite Of Network Fingerprinting Standards

JA4+ is a suite of network fingerprinting methods that are easy to use and easy to share. These methods are both human and machine readable to facilitate more effective threat-hunting and analysis. The use-cases for these fingerprints include scanning for threat actors, malware detection, session...

7AI Score

2024-05-25 12:30 PM
debian

[SECURITY] [DLA 3819-1] fossil security update

Debian LTS Advisory DLA-3819-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 25, 2024 https://wiki.debian.org/LTS Package : fossil Version : 1:2.8-1+deb10u1 CVE ID :...

6.5AI Score

2024-05-25 11:33 AM
debian

[SECURITY] [DLA 3818-1] apache2 security update

Debian LTS Advisory DLA-3818-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 24, 2024 https://wiki.debian.org/LTS Package : apache2 Version : 2.4.59-1~deb10u1 CVE ID :...

5.3CVSS

7.9AI Score

2024-05-25 11:06 AM
Total number of security vulnerabilities: 418561