WordPress Sirv plugin <= 7.2.7 - Authenticated (Subscriber+) Missing Authorization to Plugin Settings Update vulnerability
Authenticated Subscriber+ Missing Authorization to Plugin Settings Update vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Sirv versions <= 7.2.7...
PT-2024-5209 · Cocoapods · Cocoapods
Name of the Vulnerable Software and Affected Versions: CocoaPods (affected versions not specified). Description: The issue is related to the authentication server for the CocoaPods dependency manager, where the trunk sessions verification step could be manipulated, allowing for owner session...
CVE-2024-27867
An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in...
PT-2024-22092
Name of the Vulnerable Software and Affected Versions: AirPods versions prior to Firmware Update 6A326; AirPods versions prior to Firmware Update 6F8; Beats versions prior to Firmware Update 6F8; AirPods 2nd generation and later; AirPods Pro all models; AirPods Max; Powerbeats Pro; Beats Fit Pro...
About the security content of AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8
About the security content of AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8: This document describes the security content of AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. About Apple security updates: For our...
WordPress plugin Lifeline Donation security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin ActivityPub security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin BookingPress security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-23251
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An attacker with physical access may be able to leak Mail account credentials...
CVE-2024-23251
CVE-2024-23251 is an authentication issue in Apple’s Mail that could allow leakage of Mail account credentials when an attacker has physical access. The public description states the issue was fixed via improved state management and lists affected platforms and patches: macOS Sonoma 14.5, iOS 17....
PYSEC-2024-193
An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This vulnerability allows for unauthorized...
PT-2024-5077 · Johnson Controls · Istar Pro Door Controller
Name of the Vulnerable Software and Affected Versions: Johnson Controls Software House iStar Pro Door Controller (affected versions not specified). Description: The issue is related to the lack of authentication for a critical function in the ICU tool and iSTAR Pro door controller, which can be...
ZenML Security Vulnerability
ZenML is an extensible open source MLOps framework for creating portable, production-ready machine learning pipelines. A security vulnerability exists in ZenML versions 0.55.3 and below, which stems from a race condition that leads to data inconsistency and...
CVE-2024-31493
An improper removal of sensitive information before storage or transfer vulnerability (CWE-212) in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP responses...
HackerOne: Improper Authentication - 2FA OTP Reusable
Vulnerability description not provided...
Important: php8.2
Issue Overview: The vulnerability allows a remote attacker to bypass implemented security restrictions. The vulnerability exists due to the way PHP handles HTTP variable names. A remote attacker can set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cook...
Identity Spoofing
doctrine/doctrine-module is vulnerable to Identity Spoofing. The vulnerability is due to improper handling of numerically valued credentials in DoctrineModule\Authentication\Adapter\ObjectRepository, which allows attackers to obtain valid authentication identities without knowing the user's actua...
CVE-2024-35183 wolfictl leaks GitHub tokens to remote non-GitHub git servers
wolfictl is a command line tool for working with Wolfi. A git authentication issue in versions prior to 0.16.10 allows a local user’s GitHub token to be sent to remote servers other than github.com. Most git-dependent functionality in wolfictl relies on its own git package, which contains...
GHSA-8FG7-HP93-QHVR wolfictl leaks GitHub tokens to remote non-GitHub git servers
Summary: A git authentication issue allows a local user’s GitHub token to be sent to remote servers other than github.com. Details: Most git-dependent functionality in wolfictl relies on its own git package, which contains centralized logic for implementing interactions with git repositories. Some ...
PT-2024-19746 · Apple · Macos Sonoma +4
Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.5; watchOS versions prior to 10.5; iOS versions prior to 17.5; iPadOS versions prior to 17.5; iOS versions prior to 16.7.8; iPadOS versions prior to 16.7.8. Description: An authentication issue was addressed with...