7047 matches found
WordPress LMS by Masteriyo plugin <= 1.7.2 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Steven Julian (Patchstack Alliance) in WordPress Plugin Masteriyo - LMS versions <= 1.7.2...
VulnCheck KEV: CVE-2024-24882
Improper Privilege Management vulnerability in Masteriyo LMS allows Privilege Escalation. This issue affects LMS: from n/a through 1.7.2...
Challenges Drive Career Growth: Meet Rudina Tafhasaj
Starting a career for the first time in a new country can be intimidating. For Rudina Tafhasaj, her path to Senior Application Engineer at Rapid7 was paved with both unique challenges, and incredible rewards. Growing up, Rudina was inspired to get into technology by her older brother. “He loved...
Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 23.0.2-IF002
Summary: In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 23.0.2-IF002 addresses the following vulnerabilities. Vulnerability Details: CVEID: CVE-2024-24762. DESCRIPTION: FastAPI is vulnerable to a denial of service, caused by a regul...
WordPress MasterStudy LMS plugin <= 3.3.0 - Unauthenticated Local File Inclusion via modal vulnerability
Unauthenticated Local File Inclusion via modal vulnerability discovered by Hiroho Shimada in WordPress Plugin MasterStudy LMS versions <= 3.3.0...
Exploit for Server-Side Request Forgery in Anyscale Ray
PoC for a remote command execution vulnerability in Ray framew...
[SECURITY] Fedora 39 Update: onnx-1.14.0-9.fc39
onnx provides an open source format for AI models, both deep learning and traditional ML. It defines an extensible computation graph model, as well as definitions of built-in operators and standard data types...
[SECURITY] Fedora 40 Update: onnx-1.14.1-2.fc40
onnx provides an open source format for AI models, both deep learning and traditional ML. It defines an extensible computation graph model, as well as definitions of built-in operators and standard data types...
WordPress Plugin MasterStudy LMS Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
Fedora: Security Advisory (FEDORA-2024-270e3b5e9b)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2024-abe1e34fdb)
The remote host is missing an update for the...
Cybercriminals Beta Test New Attack to Bypass AI Security
By Waqas. New AI-Dodging Phishing Attack AI Security and Exploits Machine Learning. This is a post from HackRead.com. Read the original post: Cybercriminals Beta Test New Attack to Bypass AI Security...
CVE-2024-23823
CVE-2024-23823 affects the vantage6 server, where CORS restrictions are not enforced, allowing configured origins to be unrestricted. The vulnerability stems from overly permissive CORS settings in the open-source vantage6 framework for Federated Learning and MPC deployments. The limited impact i...
vantage6 Security Vulnerabilities
vantage6 is an open source priVAcy preserviNg federaTed leArninG infrastructure for Secure Insight eXchange. A security vulnerability exists in vantage6 versions 4.2.0 and earlier that stems from not setting the security header...
Moodle Denial of Service Vulnerability (CNVD-2024-13538)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A denial-of-service vulnerability exists in Moodle, which stems from insufficient file size checking, and can be exploited by an attack...
vantage6 Security Vulnerabilities
vantage6 is an open source priVAcy preserviNg federaTed leArninG infrastructure for Secure Insight eXchange. A security vulnerability exists in versions of vantage6 prior to 4.2.1, which stems from an unrestricted CORS setting...
WordPress Plugin Academy LMS Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL. WordPress plugin i...
paddlepaddle code injection vulnerability
PaddlePaddle is an independent R&D deep learning platform open-sourced by China's PaddlePaddle. A code injection vulnerability exists in paddlepaddle version 2.6.0, which stems from the application failing to properly filter special elements of constructed code segments...
Design/Logic Flaw
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating HTTP requests when using the draw.io integration, it is possible to read arbitrary files as the configured system user and to perform SSRF. The problem is fixed in version...
CVE-2024-28198
OpenOLAT contains an XXE/SSRF vulnerability in the draw.io integration that allows an attacker to read arbitrary files as the system user by manipulating HTTP requests. Affected versions are OpenOLAT prior to 18.1.6 and prior to 18.2.2. The issue is fixed in 18.1.6 and 18.2.2; users should upgrad...