What is DevSecOps and Why is it Essential for Secure Software Delivery?
Traditional application security practices are not effective in the modern DevOps world. When security scans are run only at the end of the software delivery lifecycle either right before or after a service is deployed, the ensuing process of compiling and fixing vulnerabilities creates massive...
CVE-2024-34795
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Tainacan.Org Tainacan allows Stored XSS.This issue affects Tainacan: from n/a through 0.21.3...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a null pointer dereference problem...
Security Bulletin: IBM Planning Analytics Local - Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components
Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Local - Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics Local - Planning Analytics Workspace 2.1.2 and IBM Planning Analytics Local -...
MP-SPDZ Security Vulnerability
MP-SPDZ is a CSIRO Data61 Engineering & Design open source software for benchmarking various Secure Multiparty Computing (MPC) protocols in various security models. A security vulnerability exists in MP-SPDZ version v0.3.8. An attacker can exploit the vulnerability to cause a denial of service on the...
Desdev DedeCMS Security Vulnerability
Desdev DedeCMS (Dream Weaving Content Management System) is a PHP-based open-source content management system (CMS) from China's Zhuozhuo Network (Desdev). The system features content publishing, content management, content editing and content retrieval. A security vulnerability exists in DedeCMS versi...
Mautic Security Vulnerability
Mautic is an open source marketing automation software. The software monitors and manages websites, sends emails and manages customer resources. Mautic suffers from a security vulnerability that stems from the fact that low-privileged users can view certain pages that expose sensitive information...
Unifiedtransform Security Vulnerability
Unifiedtransform is an open source school management software from Sourceforge Open Source. It allows for comprehensive and efficient management of school operations. A security vulnerability exists in Unifiedtransform v2.X, which stems from its susceptibility to stored cross-site scripting (XSS) attack...
PsiTransfer Security Vulnerability
PsiTransfer is a simple open source hosted file sharing solution from the individual developer Christoph Wiechert. A security vulnerability exists in PsiTransfer versions prior to 2.2.0, which stems from an unrestricted endpoint that allows an attacker who receives a file distribution ID to alter...
The XZ Backdoor: Everything You Need to Know
Details are starting to emerge about a stunning supply chain attack that sent the open source software community reeling...
Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components
Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Workspace. IBM Planning Analytics Workspace 2.0 Release 94 has addressed the applicable CVEs by upgrading or removing the vulnerable libraries. Please refer to the table in the...
Moodle cross-site scripting vulnerability (CNVD-2024-21663)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from a cross-site scripting vulnerability that stems from a Chat activity that allows students to insert potentially...
Twenty Security Vulnerability
Twenty is an open source CRM platform from Twenty. A security vulnerability exists in Twenty version 0.3.0, which stems from an easy server-side request forgery attack via file uploads...
CVE-2024-23643
GeoServer contains a stored XSS vulnerability (CVE-2024-23643) in the GWC Seed Form. An authenticated administrator with workspace-level privileges can store a JavaScript payload in the GeoServer catalog, which then executes in another administrator's browser when the GWC Seed Form is viewed. Affe...
CVE-2024-0864 RCE in Laragon
Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution RCE attack via an improper input validation in a fileupload.php file which serves as an example. By default, Laragon is not vulnerable until a user decides to use the aforementioned...
Security Bulletin: IBM Planning Analytics Cartridge for IBM Cloud Pak for Data 4.8.3 has addressed security vulnerabilities
Summary IBM Planning Analytics Cartridge for IBM Cloud Pak for Data is affected, but not classified as vulnerable based on current information, by a vulnerability in go-jose XFID: 273242. This vulnerability has been addressed by upgrading to a non-vulnerable version of go-jose. Additionally, IBM...
Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components
Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Workspace. IBM Planning Analytics Workspace 2.0 Release 93 has addressed the applicable CVEs by upgrading or removing the vulnerable libraries. Please refer to the table in the...
YetiForceCrm Security Vulnerability
YetiForceCrm is an open source CRM system from the Polish company YetiForce. A security vulnerability exists in YetiForce YetiForceCRM 6.4.0 and earlier versions, which originates from a vulnerability that allows an authenticated, remote attacker to obtain sensitive information via the license...
CISA and OpenSSF Release Framework for Package Repository Security
The U.S. Cybersecurity and Infrastructure Security Agency CISA announced that it's partnering with the Open Source Security Foundation OpenSSF Securing Software Repositories Working Group to publish a new framework to secure package repositories. Called the Principles for Package Repository...
MISP Security Vulnerabilities
MISP is an open source software solution. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP versions prior to 2.4.184, which stems from a...