29 matches found
Important: Red Hat Security Advisory: RHACS 4.8.8 security and bug fix update
Updated images are now available for Red Hat Advanced Cluster Security (RHACS), which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...
EUVD-2023-34893
Malicious code in bioql PyPI...
CVE-2024-3267
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btbbpricelist shortcode in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to a phishing attack due to the ExpressJS package (CVE-2024-29041)
Summary ExpressJS is used by IBM DataStage on Cloud Pak for Data as part of the web application framework. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker...
Security Bulletin: Vulnerability in GraphQL Java affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in GraphQL Java has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka...
Security Bulletin: Vulnerability in Protocol Buffers affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in Protocol Buffers has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses...
Security Bulletin: Vulnerability in source-map-support affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in all versions of the package source-map-support has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-21540...
OPENSUSE-SU-2024:0114-1 Security update for pdns-recursor
This update for pdns-recursor fixes the following issues: - update to 4.8.8: fixes a case when a crafted response can lead to a denial of service in Recursor if recursive forwarding is configured boo1223262, CVE-2024-25583 - changes in 4.8.7: If serving stale, wipe CNAME records from cache when ...
CVE-2024-2734
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's AI features in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...
PT-2024-21840 · WordPress · Bold Page Builder
Name of the Vulnerable Software and Affected Versions: Bold Page Builder plugin for WordPress versions up to, and including, 4.8.8 Description: The issue is related to Stored Cross-Site Scripting via the 'Price List' element due to insufficient input sanitization and output escaping on...
WordPress Plugin Bold Page Builder Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-21847 · WordPress · Bold Page Builder
Name of the Vulnerable Software and Affected Versions: Bold Page Builder plugin for WordPress versions up to, and including, 4.8.8 Description: The issue is related to Stored Cross-Site Scripting via HTML Tags due to insufficient input sanitization and output escaping on user-supplied attributes...
CVE-2024-3266
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of widgets in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress Bold Page Builder Plugin <= 4.8.8 is vulnerable to Cross Site Scripting (XSS)
Software: Bold Page Builder; Type: Plugin; Vulnerable versions: <= 4.8.8; Fixed in: 4.8.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3267; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 4cbd847db71a; Credits: stealthcopter; Required...
CVE-2023-50038
There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions...
CVE-2023-50038
CVE-2023-50038 affects Textpattern CMS v4.8.8 and is described as an arbitrary file upload vulnerability in the backend that can lead to loss of server permissions. The connected sources confirm the affected software version and the vulnerability class, with no public exploitation details provide...
Zope Information Disclosure Vulnerability (GHSA-8xv7-89vj-q48c)
Zope is prone to an information disclosure vulnerability through Python SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zope:zope...
PT-2023-19504 · Unknown · Textpattern
Name of the Vulnerable Software and Affected Versions: Textpattern version 4.8.8 Description: An arbitrary file upload vulnerability in the plugin upload function allows attackers to execute arbitrary code via a crafted Zip file. Recommendations: For Textpattern version 4.8.8, at the moment, ther...
WordPress Newsletters Plugin <= 4.8.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Newsletters; Type: Plugin; Vulnerable versions: <= 4.8.8; Fixed in: 4.8.9; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-30478; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 753e64fb1d42; Credits: Rio Darmawan; Required...
PT-2023-20824 · Unknown · Textpattern
Name of the Vulnerable Software and Affected Versions: Textpattern versions 4.8.8 and below Description: An arbitrary file upload vulnerability in the upload plugin allows attackers to execute arbitrary code by uploading a crafted PHP file. Recommendations: For Textpattern versions 4.8.8 and belo...