7703 matches found
CVE-2024-39313
Summary: CVE-2024-39313 affects toy-blog before 0.6.1, where articles with private visibility could be read without providing credentials. The root cause is improper access control for private posts. Impact is unauthorized disclosure of private content (permitted read is described as the primary ...
CVE-2024-39313 toy-blog Improper Input Validation vulnerability
toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrade to 0.6.1 or later to receive a patch. No known workaroun...
PT-2024-28438 · Toy-Blog · Toy-Blog
Name of the Vulnerable Software and Affected Versions: toy-blog versions 0.4.3 through 0.4.14; toy-blog versions prior to 0.4.14. Description: The administrative password is leaked through the command line parameter. This issue was patched in version 0.5.0. Recommendations: For versions 0.4.14 and...
toy-blog Security Breach
toy-blog is a CMS system by the individual developer Kisaragi. A security vulnerability exists in toy-blog versions prior to 0.4.3 to 0.5.0, which stems from the disclosure of the administrative password via a command line parameter...
toy-blog Security Breach
toy-blog is a CMS system by the individual developer Kisaragi. A security vulnerability exists in toy-blog versions prior to 0.5.4 through 0.6.1, which stems from the ability to read articles with private visibility if the reader does not set the requested credentials...
PT-2024-28437 · Toy-Blog · Toy-Blog
Name of the Vulnerable Software and Affected Versions: toy-blog versions 0.5.4 through 0.6.0 Description: The issue allows articles with private visibility to be read without proper credentials. This can lead to unauthorized access to sensitive information. Users are advised to upgrade to a newer...
Chrome to Distrust Entrust Certificates by November 2024
From Entrust to Distrust!...
Examining Water Sigbin's Infection Routine Leading to an XMRig Cryptominer
We analyze the multi-stage loading technique used by Water Sigbin to deliver the PureCrypter loader and XMRIG crypto miner...
WordPress Print My Blog plugin <= 3.27.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by CatFather (Patchstack Alliance) in WordPress Plugin Print My Blog (versions <= 3.27.0)...
WordPress Print My Blog Plugin <= 3.27.0 is vulnerable to Cross Site Scripting (XSS)
Software: Print My Blog; Type: Plugin; Vulnerable versions: <= 3.27.0; Fixed in: 3.27.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37271; Patch priority: Low; CVSS severity: Low (5.9); Developer: Michael Nelson; PSID: cf7d433e5eee; Credits: CatFather; Required privilege: Author...
blog.artsper.com Cross Site Scripting vulnerability OBB-3938482
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-5503
The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the...
CVE-2024-5503 WP Blog Post Layouts <= 1.1.3 - Authenticated (Contributor+) Local File Inclusion
The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the...
WordPress plugin WP Blog Post Layouts Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
GHSA-9GXX-58Q6-42P7 Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service
Impact: A parsing vulnerability in lnd's onion processing logic led to a DoS vector due to excessive memory allocation. Patches: The issue was patched in lnd v0.17.0. Users should update to a version >= v0.17.0 to be protected. References: Detailed blog post:...
CVE-2024-0762
creationtimestamp | type | source
---|---|---
2024-06-20 16:06:41+00:00 | seen | https://t.me/informationsecuritychannel/52404
2024-06-20 16:25:34+00:00 | seen | https://t.me/thehackernews/5147
2024-06-20 17:06:21+00:00 | seen | https://t.me/truesecator/5879
2024-06-20 17:37:50+00:00 | seen | ...
1inch partners with Blockaid to enhance Web3 security through the 1inch Shield
Dubai, UAE, 20th June 2024, CyberNewsWire...