CVE-2023-52121

Cross-Site Request Forgery CSRF vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a...

CVE-2023-52121 WordPress NitroPack Plugin <= 1.10.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a...

CVE-2023-52121

Mode C: A CSRF vulnerability is present in NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images (WordPress plugin). Affected versions are up to 1.10.2; the OpenVAS entry indicates the issue exists in NitroPack versions prior to 1.10.3. The vulnerabi...

GitLab < 15.6.8 (CRITICAL-SECURITY-RELEASE-GITLAB-15-8-2-RELEASED)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to git...

PT-2023-31756 · Mvel2 · Mvel2

Name of the Vulnerable Software and Affected Versions: mvel2 version 2.5.0 Final Description: A TimeOut error exists in the ParseTools.subCompileExpression method due to many Java class lookups, potentially causing a long execution time. The vendor disputes the significance of this issue, stating...

NewStart CGSL MAIN 6.02 : openssl Multiple Vulnerabilities (NS-SA-2023-0074)

The remote NewStart CGSL host, running version MAIN 6.02, has openssl packages installed that are affected by multiple vulnerabilities: - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell...

Incorrect Termination Condition

Lines of code Vulnerability details The provided termination condition if pos = size / 2 && pos = size is incorrect. This condition is not suitable for terminating the maxHeapify function. It should instead be based on comparing values in the heap to ensure the max heap property. The condition if...

Efficiency

Lines of code Vulnerability details Depending on the size of your heap, the while loop may execute a significant number of times. Consider whether you can optimize this loop for performance, especially if you expect a large number of insertions. Assessed type Loop --- The text was updated...

Some tokens may revert when zero value transfers are made

Lines of code 356, 371, 145, 272, 252, 116, 445, 374, 506, 488https://github.com/Tapioca-DAO/tap-token-audit/blob/59749be5bc2286f0bdbf59d7ddc258ddafd49a9f/contracts/options/TapiocaOptionBroker...

Microsoft Teams 2.1 supported for VDI/DaaS

Information Overview Microsoft has released new Teams for VDI in early December 2023. The new version of Teams has been re-implemented and promises improvements in performance, memory consumption, usability, and security. Here is a link to some information about the new Teams -...

Building an AppSec Program with Qualys WAS – Additional Configurations and Review & Confirm

Part 4 - Configuring a Web Application or API: Additional Configurations Now that we have completed the basic information, crawl settings, and default scan configurations, we can shift our attention to additional configurations designed to optimize scanning and provide granular control over how...

CVE-2023-49746

Server-Side Request Forgery SSRF vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance.This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through 1.1.2...

CVE-2023-49746

Server-Side Request Forgery SSRF vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance.This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through 1.1.2...

Server side request forgery (ssrf)

Server-Side Request Forgery SSRF vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance.This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through 1.1.2...

CVE-2023-49746

CVE-2023-49746 affects the WordPress SpeedyCache Plugin up to version 1.1.2, with a Server-Side Request Forgery (SSRF) vulnerability in SpeedyCache – Cache, Optimization, Performance. The Red Hat and OpenVAS entries corroborate SSRF in this plugin, and Patchstack lists 1.1.3 as the fix. The root ...

Mitsubishi Electric FA Engineering Software Products

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 Vendor : Mitsubishi Electric Equipment : MELIPC , MELSEC iQ-R, and MELSEC Q Series Vulnerabilities : Processor Optimization Removal or Modification of Security-Critical Code, Observable Discrepancy 2. RISK EVALUATION Successful exploitation of these...

CDS with Spring Framework 6.1

As a follow-up to the Runtime efficiency with Spring blog post, I am happy to share that our exploration of Project Leyden optimizations has led to some interesting discoveries regarding the JDK's little-used CDS "Class Data Sharing" feature and has materialized into a new feature that we have be...

Some tokens may revert when zero value transfers are made

Lines of code 356, 371, 145, 272, 252, 116, 445, 374, 506, 488https://github.com/Tapioca-DAO/tap-token-audit/blob/59749be5bc2286f0bdbf59d7ddc258ddafd49a9f/contracts/options/TapiocaOptionBroker...

Website Optimization – Plerdy < 1.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Website Optimization – Plerdy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tracking code settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...