CMP – Coming Soon & Maintenance Plugin By NiteoThemes Security Vulnerabilities

Security Bulletin: Vulnerability in Jinja affects IBM Process Mining CVE-2024-34064

Summary There is a vulnerability in Jinja that could allow an attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability....

Authentication Bypass by Spoofing in github.com/greenpau/caddy-security

Authentication Bypass by Spoofing in...

Use of Insufficiently Random Values in github.com/greenpau/caddy-security

Use of Insufficiently Random Values in...

Improper Validation of Array Index in github.com/greenpau/caddy-security

Improper Validation of Array Index in...

Open Redirect in github.com/greenpau/caddy-security

Open Redirect in...

caddy-security plugin for Caddy vulnerable to reflected Cross-site Scripting in github.com/greenpau/caddy-security

caddy-security plugin for Caddy vulnerable to reflected Cross-site Scripting in...

Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security

Improper Restriction of Excessive Authentication Attempts in...

Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security

Improper Neutralization of HTTP Headers in...

Server-Side Request Forgery in github.com/greenpau/caddy-security

Server-Side Request Forgery in...

Cross-site Scripting in github.com/greenpau/caddy-security

Cross-site Scripting in...

Mattermost Jira Plugin does not properly check security levels in github.com/mattermost/mattermost-plugin-jira

Mattermost Jira Plugin does not properly check security levels in...

The DES/3DES cipher was used as part of the TLS protocol by installation tools in github.com/karmada-io/karmada

The DES/3DES cipher was used as part of the TLS protocol by installation tools in...

Insufficient Session Expiration in github.com/greenpau/caddy-security

Insufficient Session Expiration in...

Etcd pkg Insecure ciphers are allowed by default in go.etcd.io/etcd/client/pkg/v3

Etcd pkg Insecure ciphers are allowed by default in...

Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

Argo-cd authenticated users can enumerate clusters by name in...

Improper trust check in Bazel Build intellij plugin in github.com/bazelbuild/intellij

Improper trust check in Bazel Build intellij plugin in...

Minder affected by denial of service from maliciously configured Git repository in github.com/stacklok/minder

Minder affected by denial of service from maliciously configured Git repository in...

Security Bulletin: Vulnerability in Bouncy Castle Crypto Package For Java affects IBM Process Mining CVE-2024-30171

Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an remote authenticated attacker to obtain sensitive information on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability....

Security Bulletin: Vulnerability in Apache Commons Compress affects IBM Process Mining Multiple CVEs

Summary There is a vulnerability in Apache Commons Compress that could allow an remote attacker exploit to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability...

Security Bulletin: Vulnerability in Bouncy Castle Crypto Package For Java affects IBM Process Mining CVE-2024-34447

Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an attacker to perform a DNS poisoning attack on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

Security Bulletin: Vulnerability in Netty affects IBM Process Mining CVE-2024-29025

Summary There is a vulnerability in Netty that could allow an attacker to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-29025 ...

Security Bulletin: Vulnerability in Bouncy Castle Crypto Package For Java affects IBM Process Mining CVE-2024-30172

Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an attacker to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability...

Security Bulletin: Vulnerability in Pydantic affects IBM Process Mining CVE-2024-3772

Summary There is a vulnerability in Pydantic that could allow an attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-3772 ...

Security Bulletin: Vulnerability in Node.js affects IBM Process Mining CVE-2024-28849

Summary There is a vulnerability in Node.js that could allow an remote authenticated attacker to obtain sensitive information on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID:...

Security Bulletin: Vulnerability in VMware Tanzu Spring Framework affects IBM Process Mining CVE-2024-22262

Summary There is a vulnerability in VMware Tanzu Spring Framework that could allow a remote attacker to conduct phishing attacks on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID:....

Security Bulletin: Vulnerability in Gunicorn affects IBM Process Mining CVE-2024-1135

Summary There is a vulnerability in Gunicorn that could allow an attacker to conduct XSS attacks on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-1135 DESCRIPTION:...

app.lotterease.com Cross Site Scripting vulnerability OBB-3939482

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Security Bulletin: Vulnerability in Bouncy Castle Crypto Package For Java affects IBM Process Mining CVE-2024-29857

Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an attacker to cause excessive CPU consumption on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details.....

Security Bulletin: Vulnerability in sqlparse affects IBM Process Mining CVE-2024-4340

Summary There is a vulnerability in sqlparse that could allow an attacker to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-4340 .....

Security Bulletin: Vulnerability in Pallets Werkzeug affects IBM Process Mining CVE-2024-34069

Summary There is a vulnerability in Pallets Werkzeug that could allow an attacker to gain elevated privileges on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-34069 ...

bridalpartytees.com Cross Site Scripting vulnerability OBB-3939481

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords

Update #1: As of 12:36PM EST, another plugin has been infected. We've updated the list below to include this fourth plugin and the plugins team has been notified. Update #2: As of 2:20 PM EST, two more plugins appear to have malicious commits, however, the releases have not officially been made...

tgpecatsib.tatamotors.com Cross Site Scripting vulnerability OBB-3939480

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Exploit for CVE-2024-34102

🇮🇱 **#BringThemHome...

hanson.ad Cross Site Scripting vulnerability OBB-3939478

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

gratisspil.dk Cross Site Scripting vulnerability OBB-3939476

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

fysikoaerioellados.gr Cross Site Scripting vulnerability OBB-3939475

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

lasalina.es Cross Site Scripting vulnerability OBB-3939474

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CometBFT is unstability during blocksync when syncing from malicious peer

Name: ASA-2024-008: Instability during blocksync when syncing from malicious peer Component: CometBFT Criticality: Medium (ACMv1: I:Moderate; L: Possible) Affected versions: < v0.38.7 Summary An issue was identified for nodes syncing on an existing network during blocksync in which a malicious.....

CometBFT is unstability during blocksync when syncing from malicious peer

Name: ASA-2024-008: Instability during blocksync when syncing from malicious peer Component: CometBFT Criticality: Medium (ACMv1: I:Moderate; L: Possible) Affected versions: < v0.38.7 Summary An issue was identified for nodes syncing on an existing network during blocksync in which a malicious.....

search.staffs.ac.uk Cross Site Scripting vulnerability OBB-3939471

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

campion.edu.ro Cross Site Scripting vulnerability OBB-3939472

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

probabilistic-robotics.org Cross Site Scripting vulnerability OBB-3939470

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

sesrc.wsu.edu Cross Site Scripting vulnerability OBB-3939469

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

filmisub.cc Cross Site Scripting vulnerability OBB-3939468

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

vedanasbavi.cz Cross Site Scripting vulnerability OBB-3939467

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

ueltschi.org Cross Site Scripting vulnerability OBB-3939466

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

filepursuit.com Cross Site Scripting vulnerability OBB-3939465

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

marefelice.it Cross Site Scripting vulnerability OBB-3939464

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Security Bulletin: IBM Master Data Management is vulnerable to identity spoofing caused by vulnerabilites in IBM WebSphere Application Server

Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability to identity spoofing in WebSphere Application Server. IBM WebSphere Application Server is vulnerable to identity spoofing by an authenticated user due to improper signature validation. Vulnerability Details **...