The vulnerability of the Keycloak identity and access management software lies in its overly restrictive mechanism for blocking user accounts. This allows a malicious user to lock out the user from accessing their account.

The vulnerability of the Keycloak identity and access management software lies in its overly restrictive mechanism for blocking user accounts. Exploiting this vulnerability could allow a malicious actor to remotely block a user’s access to their account...

SUSE-SU-2024:0577-1 Security update for python-aiohttp, python-time-machine

This update for python-aiohttp, python-time-machine fixes the following issues: python-aiohttp was updated to version 3.9.3: Fixed backwards compatibility breakage in 3.9.2 of ssl parameter when set outside of ClientSession e.g. directly in TCPConnector Improved test suite handling of paths and...

kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible

A potential deadlock flaw was found in the Linux’s kernel DVB API used by Digital TV devices functionality. This flaw allows a local user to crash the system...

The vulnerability of the FreeBSD operating systems, related to improper process blocking, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the FreeBSD operating systems is related to improper blocking of processes. Exploiting this vulnerability can allow an attacker, working remotely, to gain unauthorized access to protected information through system calls like jail...

CVE-2024-21500

All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication 2FA. Although the application blocks the user after several failed attempts to provide 2FA codes, attackers can bypass this...

CVE-2024-21500

All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication 2FA. Although the application blocks the user after several failed attempts to provide 2FA codes, attackers can bypass this...

Design/Logic Flaw

All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication 2FA. Although the application blocks the user after several failed attempts to provide 2FA codes, attackers can bypass this...

Shield Security – Smart Bot Blocking & Intrusion Prevention Security < 18.5.10 - Unauthenticated Local File Inclusion

Description The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the renderactiontemplate parameter. This makes it possible for unauthenticated attacker to include and...

CVE-2024-0761

The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract...

CVE-2023-6989

The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the renderactiontemplate parameter. This makes it possible for unauthenticated attacker to include and execute PHP...

CVE-2023-6989 Shield Security – Smart Bot Blocking & Intrusion Prevention Security <= 18.5.9 - Unauthenticated Local File Inclusion

The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the renderactiontemplate parameter. This makes it possible for unauthenticated attacker to include and execute PHP...

Decline in robocalls is encouraging, efforts seem to be working

The Federal Communications Commission FCC has announced that its recent actions with the Federal Trade Commission FTC against international robocalls appear to have had an effect. Robocalls are automated phone calls, often associated with scams and unwanted solicitations, which can be a nuisance ...

CVE-2024-22163

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shield Security Shield Security – Smart Bot Blocking & Intrusion Prevention Security allows Stored XSS.This issue affects Shield Security – Smart Bot Blocking & Intrusion Prevention Security: from...

CVE-2024-22163

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shield Security Shield Security – Smart Bot Blocking & Intrusion Prevention Security allows Stored XSS.This issue affects Shield Security – Smart Bot Blocking & Intrusion Prevention Security: from...

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shield Security Shield Security – Smart Bot Blocking & Intrusion Prevention Security allows Stored XSS.This issue affects Shield Security – Smart Bot Blocking & Intrusion Prevention Security: from...

CVE-2024-22163

CVE-2024-22163 is a stored XSS vulnerability in the WordPress Shield Security plugin (Shield Security – Smart Bot Blocking & Intrusion Prevention Security)

CVE-2024-22163 WordPress Shield Security Plugin <= 18.5.7 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shield Security Shield Security – Smart Bot Blocking & Intrusion Prevention Security allows Stored XSS.This issue affects Shield Security – Smart Bot Blocking & Intrusion Prevention Security: from...

Mozilla: Failure to update user input timestamp

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load...

LinkedIn: Blocking a company page admin prevents him from delete paid media admin or edit his roles

A company page admin was prevented from managing deleting or editing roles of a paid media admin when the paid media admin blocked the company page admin. This created an access control vulnerability where administrative privileges were circumvented through the platform's social blocking feature...

PT-2024-12440 · Splicecom · Splicecom Maximiser Soft Pbx

Name of the Vulnerable Software and Affected Versions: SpliceCom Maximiser Soft PBX versions 1.5 and before Description: The issue allows attackers to bypass authentication via a brute force attack due to the lack of restriction on excessive authentication attempts. Recommendations: For SpliceCom...