PYSEC-2024-14

Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version...

CVE-2023-50944

CVE-2023-50944 affects Apache Airflow prior to 2.8.1. An authenticated user can access the source code of a DAG to which they do not have access, resulting in information disclosure. The vulnerability is described as low severity (CVSS 3.1 base score 6.5) due to the need for authentication. No ex...

PT-2024-1305 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.8.1 Description: The issue is related to a lack of authorization in Apache Airflow, allowing an authenticated user to access the source code of a DAG they do not have access to. This issue is considered low...

Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver

In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware...

WordPress plugin ark-commenteditor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Free Decryptor Released for Black Basta and Babuk's Tortilla Ransomware Victims

A decryptor for the Tortilla variant of the Babuk ransomware has been released by Cisco Talos, allowing victims targeted by the malware to regain access to their files. The cybersecurity firm said the threat intelligence it shared with Dutch law enforcement authorities made it possible to arrest...

New decryptor for Babuk Tortilla ransomware variant released

Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor. Cisco Talos shared the key with our peers at Avast for inclusion in the Avast Babuk decrypto...

CVE-2023-51246

A Cross Site Scripting XSS vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page...

Cross site scripting

A Cross Site Scripting XSS vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page...

CVE-2023-51246

A Cross Site Scripting XSS vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page...

CVE-2023-51246

A Cross Site Scripting XSS vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page...

CVE-2023-51246

CVE-2023-51246 concerns GetSimple CMS 3.3.16 where an XSS exists when a backend user adds articles via /admin/edit.php with Source Code Mode active. The root cause is inadequate filtering/escaping of user-supplied data during article creation, leading to arbitrary script execution. Affected produ...

PT-2024-14078 · Unknown · Getsimple Cms

Name of the Vulnerable Software and Affected Versions: GetSimple CMS version 3.3.16 Description: A Cross Site Scripting XSS issue exists when using Source Code Mode as a backend user to add articles via the "/admin/edit.php" page. Recommendations: For GetSimple CMS version 3.3.16, consider...

GitLab 0.0 < 14.2.6 / 14.3 < 14.3.4 / 14.4 < 14.4.1 (CVE-2021-42574)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft sourc...

Lot Reservation Management System 1.0 File Disclosure Vulnerability

Exploit Title: Lot Reservation Management System Unauthenticated File Disclosure Vulnerability Date: 10th December 2023 Exploit Author: Elijah Mandila Syoyi Vendor Homepage: https://www.sourcecodester.com/php/14530/lot-reservation-management-system-using-phpmysqli-source-code.html Software Link:...

Code Injection

gitlab:sid is vulnerable of code injection. The vulnerability due to compromise the source code and incorrectly neutralizes special elements in GitLab CE/EE. It leads to allow an attacker to modify the syntax or behavior of the intended code segment...

Blutter - Flutter Mobile Application Reverse Engineering Tool

Flutter Mobile Application Reverse Engineering Tool by Compiling Dart AOT Runtime Currently the application supports only Android libapp.so arm64 only. Also the application is currently work only against recent Dart versions. For high priority missing features, see TODO Environment Setup This...

Information Exposure

gitlab:sid is vulnerable to Information Exposure. The vulnerability due to read the source code of a project by using attackeraccesstoken and login to Victim account sets the Repository. It allows an attacker execute the malicious command with attacker account...

TikTok: Exploitable live argument in onClick Function leads to Data Leakage of Inactive/Suspended Products

The "Search Product" function in the TikTok Shop Seller API contained a vulnerability that allowed access to inactive or suspended products by manipulating the "live" parameter in the API request. The vulnerability was reported to the team and remediated...

CVE-2023-47704

IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. IBM X-Force ID: 271220...