BIT-DISCOURSE-2024-47773 Anonymous cache poisoning via XHR requests in Discourse

Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache is poisoned with a response without any preloaded data. This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse...

PT-2024-31983 · Publiccms · Publiccms

Name of the Vulnerable Software and Affected Versions: PublicCMS version 4.0.202406.d Description: A cross-site scripting XSS issue was discovered in PublicCMS via a crafted script to the Category Management feature. This allows for potential exploitation. Recommendations: For PublicCMS version...

PT-2025-17629

Name of the Vulnerable Software and Affected Versions Intel CPUs from 9th generation onward affected versions not specified Description The issue is related to a flaw in the branch predictor component of Intel CPUs, which can be exploited to leak sensitive data from privileged memory. This is due...

CGA-V559-JW8J-X9QX

Bulletin has no description...

CGA-8473-P45J-P2JG

Bulletin has no description...

CVE-2024-9007 jeanmarc77 123solar detailed.php cross site scripting

A vulnerability classified as problematic has been found in jeanmarc77 123solar 1.8.4.5. This affects an unknown part of the file /detailed.php. The manipulation of the argument date1 leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to...

CLSA-2024-1726683307 bind: Fix of CVE-2024-1737

CVE-2024-1737: fix resolver caches and authoritative zone databases to prevent degraded performance when handling client queries for the same hostname...

Security update for htmldoc (moderate)

openSUSE Security Update: Security update for htmldoc Announcement ID: openSUSE-SU-2024:0304-1 Rating: moderate References: 1230022 Cross-References: CVE-2024-45508 Affected Products: openSUSE Backports SLE-15-SP5 An update that fixes one vulnerability is now available. Description: This update f...

RHSA-2017:1790 Red Hat Security Advisory: java-1.8.0-oracle security update

Bulletin has no description...

Ivanti Releases Security Update for Cloud Services Appliance

Ivanti has released a security update addressing an OS command injection vulnerability CVE-2024-8190 affecting Ivanti Cloud Services Appliance CSA 4.6 all versions before patch 519. A cyber threat actor could exploit this vulnerability to take control of an affected system. At this time, Ivanti h...

RHSA-2016:1477 Red Hat Security Advisory: java-1.6.0-sun security update

Bulletin has no description...

20,000 WordPress Sites Affected by Remote Code Execution Vulnerability in Bit File Manager WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Through October 14th, researchers can earn up to $31,200, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, an...

CVE-2024-43874

CVE-2024-43874 affects the Linux kernel crypto CCP/SEV path. The vulnerability is a NULL pointer dereference in __sev_snp_shutdown_locked triggered when psp_device or sev_device are uninitialized due to DEBUG_TEST_DRIVER_REMOVE. The fix returns early from __sev_snp_shutdown_locked() if these stru...

PT-2024-5808 · Google +5 · Google Chrome +5

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 128.0.6613.84 Microsoft Edge affected versions not specified Description: A heap buffer overflow in the Fonts component of Google Chrome and Microsoft Edge allows a remote attacker to potentially exploit heap...

m.circulation.or.kr Open Redirect vulnerability OBB-3958086

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

UBUNTU-CVE-2024-43829

In the Linux kernel, the following vulnerability has been resolved: drm/qxl: Add check for drmcvtmode Add check for the return value of drmcvtmode and return the error if it fails in order to avoid NULL pointer dereference...

CVE-2024-28986

SolarWinds Web Help Desk

CVE-2024-42071 affecting package kernel for versions less than 5.15.162.2-1

CVE-2024-42071 affecting package kernel for versions less than 5.15.162.2-1. A patched version of the package is available...

tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users

Impact What kind of vulnerability is it? Who is impacted? Low permission users using the "Set .dme Path" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via tgstation-server requiring a separate,...

clarisoft.com Cross Site Scripting vulnerability OBB-3950617

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...