7647 matches found
JetBrains YouTrack Log Message Disclosure Vulnerability
JetBrains YouTrack is a project management tool developed by JetBrains that supports cloud hosting and local deployment. JetBrains YouTrack suffers from a log information disclosure vulnerability that stems from the fact that persistent tokens can be exposed in logs. An attacker can exploit this...
Overcoming Security Challenges in Real-Time APIs
Speed is everything in the modern business world. Our attention spans are shorter than ever, consumers demand short and seamless interactions, and the slightest delay in service delivery can see organizations fall far behind their competitors. This is why real-time APIs are so important; they...
CVE-2024-23452
Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description: The http_parser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is received with both a...
Malicious code in grammyjs-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d05f6c295e765b1889ffc72832434e365ea15f5aa6f8a6a555f42364c86a2c17 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-57428
A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields eventimg, seatmaps and seat number configurations numbernewX in pjActionCreate. Attackers can inject persistent JavaScript, leading to phishing, malware...
Malicious code in nodex123 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 618140b407aedfe1e6bb6be93aa0f3f347a759aa42e82f72ae5e44893a119237 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The vulnerability of the Persistent Login module in the Drupal CMS system allows attackers to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the Persistent Login module in the Drupal CMS system is related to an incorrect session duration. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and availability of the protected information...
CVE-2024-51650
Cross-Site Request Forgery (CSRF) vulnerability in scottmydollarplancom Random Featured Post random-featured-post-plugin allows Stored XSS. This issue affects Random Featured Post: from n/a through <= 1.1.3...
CVE-2024-4872
A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited, this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability, an attacker must have a valid credential...
Malicious code in digitalexp-microfrontends-framework (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e0ca94db6587b92069f32a0574951f800a7cf2789f0ca5ad3dce95bcb122e205 Any computer that has this package installed or running should be considered...
Malicious code in nft-transfer-transformer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90b61c51743bbb7e45afbab35984b72d25a2743ce9b95ce35a49bf6637a29bca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in com.unity.services.core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 570e09325b7eeead7439db1cd6a223b5de2ddab48982af7bb43957a6c48d9069 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in cscvue-unplugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2a34e0f08d710a6b8c04716fa45de265e2171939895e01a7d62f79cdefe72152 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ethchained (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ec2d7a0486fc07b92c872693b5b7ff68caeb51129ed60fdeb32a6913811a91df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
JetBrains YouTrack Log Information Disclosure Vulnerability
JetBrains YouTrack is a project management tool developed by JetBrains that supports cloud hosting and local deployment. JetBrains YouTrack suffers from a log information disclosure vulnerability that stems from the fact that persistent tokens can be exposed in logs. An attacker can exploit this...
Malicious code in spark-ar-libs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b006a03d3e32e686234cf99060872119413445632a4820ae7cee58e29c23841 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-41743
IBM TXSeries for Multiplatforms 10.1 could allow a remote attacker to cause a denial of service using persistent connections due to improper allocation of resources...
Important: Red Hat Security Advisory: VolSync 0.10.2 for RHEL 9
VolSync v0.10.2 general availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...