
15 matches found

RedhatCVE
added 2026/03/26 3:9 p.m. | 5 views

CVE-2026-33159

Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, guest users can access Config Sync updater index, obtain signed data, and execute state-changing Config Sync actions regenerate-yaml, apply-yaml-chang...

CVSS 6.9 | AI score 5.8 | EPSS 0.00023
Exploits 0 | References 1
OSV
added 2026/03/24 4:57 p.m. | 1 views

GHSA-6MRR-Q3PJ-H53W Craft CMS: Unauthenticated Users Can Perform Restricted Project Config Sync Operations

Summary Guest users can access Config Sync updater index, obtain signed data, and execute state-changing Config Sync actions regenerate-yaml, apply-yaml-changes without authentication. Details ConfigSyncController extends BaseUpdaterController, and the base updater is anonymously accessible for...

CVSS 6.9 | AI score 6 | EPSS 0.00023
Exploits 0 | References 6
Github Security Blog
added 2024/12/10 4:55 p.m. | 5 views

Panic in wasmvm can slow down block production

CWA-2024-008 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.1.0, = 2.0.0, = 2.1.0, = 2.0.0, query wasm libwasmvm-version. It must show 1.5...

AI score 7
Exploits 0 | References 6 | Affected Software 3
GitLab Advisory Database
added 2024/12/10 12:0 a.m. | 10 views

CosmWasm VM Incorrect metering

CWA-2024-007 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.1.0, = 2.0.0, = 2.1.0, = 2.0.0, query wasm libwasmvm-version. It must show 1.5...

AI score 7
Exploits 0 | References 7 | Affected Software 1
OSV
added 2024/08/07 2:15 a.m. | 1 views

CVE-2024-34624

Out-of-bounds read in applying paragraphs in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory...

CVSS 5.5 | AI score 5.8
Exploits 0 | References 1
Citrix
added 2023/09/20 12:0 a.m. | 9 views

PVS Target Device Stuck at "Applying Computer Settings"

Provisioning Services (PVS) target device fails to boot. The target device is stuck at the applying computer settings stage and then triggers a restart...

AI score 7.1
Exploits 0
IBM Security Bulletins
added 2023/02/24 1:8 p.m. | 66 views

Security Bulletin: CVE-2022-37734 may affect IBM CICS TX Advanced

Summary WebSphere Application Server Liberty is vulnerable to denial of service due to GraphQL Java. This affects IBM WebSphere Liberty used by IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-37734 DESCRIPTION: GraphQL Java is...

CVSS 7.5 | AI score 7.3 | EPSS 0.01191
Exploits 1 | Affected Software 1
MSRC
added 2022/07/28 7:0 a.m. | 6 views

Anatomy of a Cloud-Service Security Update

Our security teams around the world focus on identifying and mitigating security issues as soon as possible while minimizing customer disruption. One of the challenges of a traditional security update is ensuring customers apply the protections promptly. We recently discussed the work that goes...

AI score 7.1
Exploits 0
Fedora
added 2022/07/17 1:15 a.m. | 14 views

[SECURITY] Fedora 35 Update: golang-github-gorhill-cronexpr-1.0.0-4.fc35

Given a cron expression and a time stamp, you can get the next time stamp which satisfies the cron expression. In another project, I decided to use cron expression syntax to encode scheduling information. Thus this standalone library to parse and apply time stamps to cron expressions. The...

CVSS 9.3 | AI score 7.8 | EPSS 0.00963
Exploits 4
Fedora
added 2022/07/04 1:35 a.m. | 11 views

[SECURITY] Fedora 36 Update: golang-github-gorhill-cronexpr-1.0.0-4.fc36

Given a cron expression and a time stamp, you can get the next time stamp which satisfies the cron expression. In another project, I decided to use cron expression syntax to encode scheduling information. Thus this standalone library to parse and apply time stamps to cron expressions. The...

CVSS 9.3 | AI score 7.8 | EPSS 0.00963
Exploits 4
IBM Security Bulletins
added 2020/02/04 4:40 p.m. | 22 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server that is shipped with IBM Rational ClearQuest (CVE-2017-1583, CVE-2011-4343)

Summary IBM WebSphere Application Server (WAS) is shipped as a component of IBM Rational ClearQuest. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

CVSS 7.5 | AI score 1 | EPSS 0.0111
Exploits 1 | Affected Software 1
0day.today
added 2017/02/22 12:0 a.m. | 34 views

Adobe Flash - Use-After-Free in Applying Bitmap Filter Exploit

Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1007 The attached swf causes a use-after-free in applying bitmap filters. 0day.today 2018-04-12...

CVSS 10 | AI score 0.2 | EPSS 0.52416
Exploits 3
exploitpack
added 2017/02/21 12:0 a.m. | 9 views

Adobe Flash - Use-After-Free in Applying Bitmap Filter

Adobe Flash - Use-After-Free in Applying Bitmap Filter Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1007 The attached swf causes a use-after-free in applying bitmap filters. Proof of Concept:...

AI score 0.3
Exploits 0
RedHat Linux
added 2017/01/26 3:6 a.m. | 9 views

How to apply errata on client using Red Hat Satellite 6.2 API.

No description provided...

AI score 7.1
Exploits 0
Tenable Nessus
added 2012/04/06 12:0 a.m. | 34 views

FreeBSD : chromium -- multiple vulnerabilities (057130e6-7f61-11e1-8a43-00262d5ed8ee)

Google Chrome Releases reports : 106577 Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz. 117583 Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov. 117698 High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz. 117728 Hi...

CVSS 6.8 | AI score 8.2 | EPSS 0.0241
Exploits 10 | References 14