Malicious QR codes sent in the mail deliver malware
Physical letters that contain a QR code to trick people into downloading malware are being sent through the mail, according to a warning issued by the Swiss National Cyber Security Centre (NCSC). The letters are sent as if they come from the official Swiss Federal Office of Meteorology and...
UBUNTU-CVE-2023-34049
The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script wi...
RHEL 9 : podman (RHSA-2024:9454)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9454 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use contain...
CVE-2024-51572
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shawfactor LH QR Codes lh-qr-codes allows Stored XSS. This issue affects LH QR Codes: from n/a through <= 1.06...
CVE-2024-51572 WordPress LH QR Codes plugin <= 1.06 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shawfactor LH QR Codes lh-qr-codes allows Stored XSS. This issue affects LH QR Codes: from n/a through <= 1.06...
CVE-2024-51572
CVE-2024-51572 is a stored XSS in WordPress plugin LH QR Codes (versions
WordPress plugin LH QR Codes cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-34715 · Peter Shaw · Lh Qr Codes
Name of the Vulnerable Software and Affected Versions: LH QR Codes versions n/a through 1.06. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS in Peter Shaw LH QR Codes...
CVE-2024-50202 nilfs2: propagate directory read errors from nilfs_find_entry()
In the Linux kernel, the following vulnerability has been resolved: nilfs2: propagate directory read errors from nilfs_find_entry(). Syzbot reported that a task hang occurs in vcs_open() during a fuzzing test for nilfs2. The root cause of this problem is that in nilfs_find_entry(), which searches for directo...
Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations
Summary: Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. In particular, if a token is both expired and invalid, the errors returned by ParseWithClaims return both error codes. If users only...
CVE-2024-51744
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. In particular, if a token is both expired and invalid, the errors returned by...
Keycloak: Vulnerable Redirect URI Validation Results in Open Redirec
A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...
WordPress LH QR Codes plugin <= 1.06 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin LH QR Codes (versions <= 1.06)...
WordPress LH QR Codes Plugin <= 1.06 is vulnerable to Cross Site Scripting (XSS)
Software: LH QR Codes; Type: Plugin; Vulnerable versions: <= 1.06; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51572; Patch priority: Low; CVSS severity: Low (6.5); PSID: 8fc226cfb24a; Credits: SOPROBRO; Required privilege: Contributor...
DEBIAN-CVE-2024-10525
In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients...
Admin account takeover through weak Pseudo-Random number generator used in generating password reset codes
This report is not public...
Enhancing Study with QR Codes: A Modern Educational Tool
QR codes are enhancing education by giving students instant access to study resources, interactive homework, and collaborative tools...