What’s New for Developers: July 2024
...
PT-2024-28724 · Unknown +1 · Ruby On Rails +1
Name of the Vulnerable Software and Affected Versions: Haven blog web application (affected versions not specified). Description: A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. The affected functionality requires...
The Potential Impact of the OpenSSH Vulnerabilities CVE-2024-6387 and CVE-2024-6409
We check the OpenSSH vulnerabilities CVE-2024-6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024-6387 in x64 systems...
CVE-2024-40690
creationtimestamp | type | source
---|---|---
2024-07-12 21:07:35+00:00 | seen | https://t.me/cvedetector/785
2025-12-06 07:20:15+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3m7chmesi4a2g...
WordPress Patricia Blog theme <= 1.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Theme Patricia Blog versions <= 1.2...
WordPress Patricia Blog Theme <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Patricia Blog; Type: Theme; Vulnerable versions: <= 1.2; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-38732; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 79de657843ce; Credits: Dhabaleshwar Das; Required...
Exploit for Race Condition in Openbsd Openssh
CVE-2024-6387 Vulnerability Checker Overview This Python...
WordPress Blog, Posts and Category Filter for Elementor plugin <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post and Category Filter Widget vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Post and Category Filter Widget vulnerability discovered by stealthcopter in WordPress Plugin Blog, Posts and Category Filter for Elementor versions <= 1.0.3...
WordPress plugin Blog, Posts and Category Filter for Elementor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2024-39695
creationtimestamp | type | source
---|---|---
2024-07-08 18:40:32+00:00 | seen | https://t.me/cvedetector/189
2025-12-29 21:01:14+00:00 | seen | https://github.blog/security/vulnerability-research/bugs-that-survive-the-heat-of-continuous-fuzzing/...
PT-2024-32101 · WordPress · The Blog
Name of the Vulnerable Software and Affected Versions: The Blog, Posts and Category Filter for Elementor plugin for WordPress version 1.0.3 and earlier Description: The issue is related to Stored Cross-Site Scripting via the Post and Category Filter widget due to insufficient input sanitization a...
PT-2024-28385 · Z Blogphp · Z-Blogphp
Name of the Vulnerable Software and Affected Versions: Z-BlogPHP version 1.7.3. Description: A cross-site scripting (XSS) vulnerability in the Backend Theme Management module allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Recommendations: For Z-BlogPHP version 1.7.3...
New Android Spyware Steals Data from Gamers and TikTok Users
Transparent Tribe Expands Android Spyware Arsenal: Gamers, Weapons Fans, and TikTok Users Targeted!...
Qualys Blog
On Wednesday, July 3, 2024 at 2:45 AM EDT Qualys identified suspicious spam content posted to the Qualys blog. Qualys conducted an investigation to identify any compromise and/or impact due to this unauthorized spam blog post and found no indication that the incident had any impact on customer...
Information on OpenSSH "regreSSHion" Vulnerability
...
Exploit for Race Condition in Openbsd Openssh
CVE-2024-6387-Checker Description CVE-2024-6387-Checker is...
CVE-2024-39314 toy-blog administrative token leaked through the command line parameter
toy-blog is a headless content management system implementation. Starting in version 0.4.3 and prior to version 0.5.0, the administrative password was leaked through the command line parameter. The problem was patched in version 0.5.0. As a workaround, pass --read-bearer-token-from-stdin to the...
CVE-2024-39313 toy-blog Improper Input Validation vulnerability
toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrade to 0.6.1 or later to receive a patch. No known workaroun...