DuoFAQ - Responsive, Flat, Simple FAQ Security Vulnerabilities

CVE-2024-36396

Verint - CWE-434: Unrestricted Upload of File with Dangerous...

CVE-2024-36396

Verint - CWE-434: Unrestricted Upload of File with Dangerous...

CVE-2024-36395

Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic...

CVE-2024-36395

Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic...

CVE-2024-36396 Verint - CWE-434: Unrestricted Upload of File with Dangerous Type

Verint - CWE-434: Unrestricted Upload of File with Dangerous...

CVE-2024-36395 Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic...

Cinterion EHS5 3G UMTS/HSPA Module Research

Modems play an important role in enabling connectivity for a wide range of devices. This includes not only traditional mobile devices and household appliances, but also telecommunication systems in vehicles, ATMs and Automated Process Control Systems (APCS). When integrating the modem, many...

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2008-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2008-1 advisory. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were...

SummerNote Cross Site Scripting Vulnerability

SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View...

SummerNote Cross Site Scripting Vulnerability

SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View...

CVE-2024-37629

SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View...

CVE-2024-37629

SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View...

CVE-2023-40603

Missing Authorization vulnerability in Gangesh Matta Simple Org Chart.This issue affects Simple Org Chart: from n/a through...

CVE-2023-40603

Missing Authorization vulnerability in Gangesh Matta Simple Org Chart.This issue affects Simple Org Chart: from n/a through...

CVE-2023-40603 WordPress Simple Org Chart plugin <= 2.3.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Gangesh Matta Simple Org Chart.This issue affects Simple Org Chart: from n/a through...

CVE-2023-51526

Missing Authorization vulnerability in Brett Shumaker Simple Staff List.This issue affects Simple Staff List: from n/a through...

CVE-2023-51526

Missing Authorization vulnerability in Brett Shumaker Simple Staff List.This issue affects Simple Staff List: from n/a through...

CVE-2023-51526 WordPress Simple Staff List plugin <= 2.2.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Brett Shumaker Simple Staff List.This issue affects Simple Staff List: from n/a through...

[SECURITY] Fedora 39 Update: singularity-ce-3.11.5^20240603gbd4675f-1.fc39

SingularityCE is the Community Edition of Singularity, an open source container platform designed to be simple, fast, and...

[SECURITY] Fedora 40 Update: php-8.3.8-1.fc40

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

Debian dsa-5709 : firefox-esr - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5709 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5709-1 [email protected] ...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : unbound (SUSE-SU-2024:1991-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1991-1 advisory. unbound was updated to 1.20.0: * A lot of bugfixes and added features. For a complete list...

CVE-2024-37629

SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View...

SUSE: Security Advisory (SUSE-SU-2024:1991-1)

The remote host is missing an update for...

[SECURITY] [DSA 5708-1] cyrus-imapd security update

Debian Security Advisory DSA-5708-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 11, 2024 https://www.debian.org/security/faq Package : cyrus-imapd CVE ID : CVE-2024-34055 Damian...

[SECURITY] [DSA 5707-1] vlc security update

Debian Security Advisory DSA-5707-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 11, 2024 https://www.debian.org/security/faq Package : vlc CVE ID : not yet available A buffer overflow...

CVE-2023-51519

Missing Authorization vulnerability in Soliloquy Team Slider by Soliloquy.This issue affects Slider by Soliloquy: from n/a through...

CVE-2023-51519

Missing Authorization vulnerability in Soliloquy Team Slider by Soliloquy.This issue affects Slider by Soliloquy: from n/a through...

10 years of the GitHub Security Bug Bounty Program

Each year, we celebrate the GitHub Security Bug Bounty program, highlighting impressive bugs and researchers, rewards, live hacking events, and more. This year, we celebrate a new milestone: 10 years of the GitHub Security Bug Bounty program! While we've had some exciting growth over the last 10...

CVE-2023-51519 WordPress Slider by Soliloquy – Responsive Image Slider for WordPress plugin <= 2.7.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Soliloquy Team Slider by Soliloquy.This issue affects Slider by Soliloquy: from n/a through...

CVE-2023-51519 WordPress Slider by Soliloquy – Responsive Image Slider for WordPress plugin <= 2.7.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Soliloquy Team Slider by Soliloquy.This issue affects Slider by Soliloquy: from n/a through...

LLMs Acting Deceptively

New research: "Deception abilities emerged in large language models": Abstract: Large language models (LLMs) are currently at the forefront of intertwining AI systems with human communication and everyday life. Thus, aligning them with human values is of great importance. However, given the...

When things go wrong: A digital sharing warning for couples

“When things go wrong” is a troubling prospect for most couples to face, but the internet—and the way that romantic partners engage both with and across it—could require that this worst-case scenario become more of a best practice. In new research that Malwarebytes will release this month,...

CVE-2024-5584

The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-5584

The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-5584 WordPress Online Booking and Scheduling Plugin – Bookly <= 23.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Color Profile Parameter

The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-5584 WordPress Online Booking and Scheduling Plugin – Bookly <= 23.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Color Profile Parameter

The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for...

QR code SQL injection and other vulnerabilities in a popular biometric terminal

Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that does not require the user to exert any extra effort. Yet, biometric scanners, as any other tech,.....

Responsive < 5.0.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Responsive theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 5.0.3.1 (exclusive) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level...

Debian dsa-5707 : libvlc-bin - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5707 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5707-1 [email protected] ...

Debian dsa-5708 : cyrus-admin - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5708 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5708-1 [email protected] ...

Exploit for CVE-2023-33105

CVE-2023-33105: Transient DOS in WLAN Host and Firmware...

A European Summer of Sports is Upon Us – What Does it Mean for Security?

The recent Champions League final in London (congratulations, Real Madrid!) marked the opening shot to a hot European summer of major sporting events. We now approach the highly anticipated UEFA EURO 2024 football tournament in Germany and the Olympic Games in Paris 2024. And as we do, bad actors.....

CVE-2024-3700

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations. This issue affects Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer...

CVE-2024-3700

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations. This issue affects Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer...

CVE-2024-3700 Hardcoded password in Estomed Sp. z o.o. Simple Care software

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations. This issue affects Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer...

CVE-2024-35722

Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through...

CVE-2024-35721

Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through...

CVE-2024-35722

Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through...

CVE-2024-35721

Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through...