8661 matches found

OSV
added 2024/04/12 8:21 p.m. · 3 views

CVE-2024-32003 Dusk plugin may allow unfettered user authentication in misconfigured installs

wn-dusk-plugin Dusk plugin is a plugin which integrates Laravel Dusk browser testing into Winter CMS. The Dusk plugin provides some special routes as part of its testing framework to allow a browser environment such as headless Chrome to act as a user in the Backend or User plugin without having ...

CVSS 8.8 · AI score 7 · EPSS 0.00167
Exploits 0 · References 4

CVE
added 2024/04/12 7:20 a.m. · 926 views

CVE-2024-3400

CVE-2024-3400 is a critical command-injection vulnerability in Palo Alto Networks PAN-OS GlobalProtect. Multiple connected sources provide concrete details: an unauthenticated attacker can trigger arbitrary code execution with root privileges by crafting HTTP requests to GlobalProtect endpoints (...

CVSS 10 · AI score 9.8 · EPSS 0.94297
In wild · Exploits 43 · References 5 · Affected Software 1

Fedora
added 2024/04/10 4:5 a.m. · 22 views

[SECURITY] Fedora 39 Update: python-pillow-10.3.0-1.fc39

Python image processing library, fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt), devel developmen...

CVSS 6.7 · AI score 6.9 · EPSS 0.00354
Exploits 0

CNNVD
added 2024/04/10 12:0 a.m. · 2 views

Number withdrawn

ROS2 Humble Hawksbill is an open source set of software libraries and tools for ROS2. It can help build robotics applications. This CVE number has been withdrawn...

AI score 6.9
Exploits 0 · References 2

HackRead
added 2024/04/09 6:12 p.m. · 15 views

The Essential Tools and Plugins for WordPress Development

By Owais Sultan. WordPress, a widely used content management system, owes a great deal of its flexibility to plugins. These small… This is a post from HackRead.com. Read the original post: The Essential Tools and Plugins for WordPress Development...

AI score 7.3
Exploits 0

Microsoft CVE
added 2024/04/08 7:0 a.m. · 4 views

An issue was discovered in Storage Performance Development Kit (SPDK) before 20.01.01. If a PDU is sent to the iSCSI target with a zero length (but data is expected) the iSCSI target can crash with a NULL pointer dereference.

...

CVSS 7.5 · AI score 7.3 · EPSS 0.00537
Exploits 0

Microsoft CVE
added 2024/04/08 7:0 a.m. · 3 views

Buffer Overflow in EDK II Network Package

...

CVSS 8.8 · AI score 7.6 · EPSS 0.00334
Exploits 1

Microsoft CVE
added 2024/04/08 7:0 a.m. · 2 views

Use of a Weak PseudoRandom Number Generator in EDK II Network Package

...

CVSS 7.5 · AI score 7.6 · EPSS 0.0041
Exploits 0

Microsoft CVE
added 2024/04/08 7:0 a.m. · 3 views

Infinite loop in EDK II Network Package

...

CVSS 7.5 · AI score 7.6 · EPSS 0.00462
Exploits 1

RedHat Linux
added 2024/04/04 4:12 p.m. · 37 views

Important: Red Hat Security Advisory: nodejs security update

An update for nodejs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 7.5 · AI score 6.9 · EPSS 0.0038
Exploits 0 · References 2

CVE
added 2024/04/04 3:51 p.m. · 78 views

CVE-2024-31207

CVE-2024-31207 (Vite): The vulnerability is in Vite’s server.fs.deny logic, which does not deny requests for patterns containing directories. This could allow access to unintended files or paths during development. Affected versions include 2.9.18 and 3.2.10 up to 5.2.6, 5.1.7, 5.0.13, and 4.5.3...

CVSS 5.9 · AI score 5.5 · EPSS 0.00239
Exploits 0 · References 7

Positive Technologies
added 2024/04/03 12:0 a.m. · 4 views

PT-2024-2962

Name of the Vulnerable Software and Affected Versions: Vite versions prior to 2.9.18; Vite versions prior to 3.2.10; Vite versions prior to 4.5.3; Vite versions prior to 5.0.13; Vite versions prior to 5.1.7; Vite versions prior to 5.2.6. Description: The issue is related to insufficient access control ...

CVSS 10 · AI score 8.1 · EPSS 0.04859
Exploits 9 · References 42

Rapid7 Blog
added 2024/04/02 1:30 p.m. · 14 views

Challenges Drive Career Growth: Meet Rudina Tafhasaj

Starting a career for the first time in a new country can be intimidating. For Rudina Tafhasaj, her path to Senior Application Engineer at Rapid7 was paved with both unique challenges, and incredible rewards. Growing up, Rudina was inspired to get into technology by her older brother. “He loved...

AI score 6.9
Exploits 0

Positive Technologies
added 2024/04/02 12:0 a.m. · 3 views

PT-2024-14130 · Dji · Dji Matrice 300 +6

Name of the Vulnerable Software and Affected Versions: DJI Mavic 3 Pro versions prior to v01.01.0300; DJI Mavic 3 versions prior to v01.00.1200; DJI Mavic 3 Classic versions prior to v01.00.0500; DJI Mavic 3 Enterprise versions prior to v07.01.10.03; DJI Matrice 300 versions prior to v57.00.01.00; DJI...

CVSS 3 · AI score 7.2 · EPSS 0.00063
Exploits 0 · References 7

BDU FSTEC
added 2024/04/01 12:0 a.m. · 3 views

The vulnerability of the Azure-c-shared-utility library in the Azure SDK for C development software package allows an attacker to execute arbitrary code.

The vulnerability of the Azure-c-shared-utility library in the Azure SDK for C development software package is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code using the buffer length...

CVSS 6.4 · AI score 6.9 · EPSS 0.02421
Exploits 0 · References 3 · Affected Software 1

NVD
added 2024/03/31 7:15 p.m. · 6 views

CVE-2024-31107

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DiSo Development Team OpenID allows Reflected XSS. This issue affects OpenID: from n/a through 3.6.1...

CVSS 7.1 · AI score 6.9 · EPSS 0.00117
Exploits 0 · References 1

Vulnrichment
added 2024/03/31 7:2 p.m. · 8 views

CVE-2024-31107 WordPress OpenID plugin <= 3.6.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DiSo Development Team OpenID allows Reflected XSS. This issue affects OpenID: from n/a through 3.6.1...

CVSS 7.1 · AI score 6.9 · EPSS 0.00117
Exploits 0 · References 1

CNVD
added 2024/03/31 12:0 a.m. · 3 views

Information Leakage Vulnerability in Data Leakage Protection (DLP) System of Beijing Yisaitong Technology Development Co.

Beijing Yisetong Technology Development Co., Ltd. is a domestic provider with three major lines of business: data security, network security and security services. There is an information leakage vulnerability in the Data Leakage Protection (DLP) system of Beijing Yisetong Technology Development Co., Ltd. that...

AI score 6.6
Exploits 0

CNVD
added 2024/03/29 12:0 a.m. · 22 views

Lucee Remote Code Execution Vulnerability

The Lucee Server (Lucee) is a dynamic, Java-based markup and scripting language used for rapid web application development. Lucee suffers from a remote code execution vulnerability that can be exploited to execute system commands by accepting the name of a cookie as one of its parameters and passin...

AI score 8
Exploits 0 · References 1

Positive Technologies
added 2024/03/29 12:0 a.m. · 3 views

PT-2024-2641 · Dji · Dji Matrice 300 +6

Name of the Vulnerable Software and Affected Versions: DJI Mavic 3 Pro versions prior to v01.01.0300; DJI Mavic 3 versions prior to v01.00.1200; DJI Mavic 3 Classic versions prior to v01.00.0500; DJI Mavic 3 Enterprise versions prior to v07.01.10.03; DJI Matrice 300 versions prior to v57.00.01.00; DJI...

CVSS 6.8 · AI score 7.6 · EPSS 0.00086
Exploits 0 · References 9