Important: Red Hat Enhancement Advisory: Red Hat Developer Hub 1.2 release
Red Hat Developer Hub 1.2 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pa...
Security Bulletin: A vulnerability in Node.js affects IBM Rational® Application Developer for WebSphere® Software (CVE-2024-27980)
Summary: Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational® Application Developer for WebSphere® Software. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. Vulnerability Details: Refer to the security...
WordPress Zoho Marketing Automation Plugin <= 1.2.7 is vulnerable to SQL Injection
Software: Zoho Marketing Automation; Type: Plugin; Vulnerable versions: <= 1.2.7; Fixed in: 1.2.8; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-37225; Patch priority: Low; CVSS severity: Low 8.5; PSID: c6d98be82212; Credits: LVT-tholv2k; Required privilege...
WordPress Sparkle Demo Importer Plugin <= 1.4.7 is vulnerable to Broken Access Control
Software: Sparkle Demo Importer; Type: Plugin; Vulnerable versions: <= 1.4.7; Fixed in: 1.4.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-6120; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 65191ad4a953; Credits: Lucio Sá; Required...
WordPress Kanban Boards for WordPress Plugin <= 2.5.21 is vulnerable to Broken Access Control
Software: Kanban Boards for WordPress; Type: Plugin; Vulnerable versions: <= 2.5.21; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37226; Patch priority: Low; CVSS severity: Low 5.3; PSID: 06ba84554f72; Credits: LVT-tholv2k; Requir...
WordPress Themify – WooCommerce Product Filter Plugin <= 1.4.9 is vulnerable to SQL Injection
Software: Themify – WooCommerce Product Filter; Type: Plugin; Vulnerable versions: <= 1.4.9; Fixed in: 1.5.0; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-6027; Patch priority: High; CVSS severity: High 9.3; PSID: 0ec8ecf4ef08; Credits: Arkadiusz Hydzik; Required...
WordPress Book Landing Page Theme <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Book Landing Page; Type: Theme; Vulnerable versions: <= 1.2.3; Fixed in: 1.2.4; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-37230; Patch priority: Low; CVSS severity: Low 4.3; PSID: b75fbc99c1f0; Credits: Dhabaleshwar Das...
WordPress Falang multilanguage Plugin <= 1.3.51 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Falang multilanguage; Type: Plugin; Vulnerable versions: <= 1.3.51; Fixed in: 1.3.52; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-37240; Patch priority: Low; CVSS severity: Low 4.3; PSID: 118e700fa296; Credits: Dhabaleshwar...
WordPress Newspack Newsletters Plugin <= 2.13.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Newspack Newsletters; Type: Plugin; Vulnerable versions: <= 2.13.2; Fixed in: 2.13.3; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-37242; Patch priority: Low; CVSS severity: Low 4.3; PSID: 8f54e12bc4ce; Credits: Rafie Muhamm...
GHSA-9GXX-58Q6-42P7 Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service
Impact: A parsing vulnerability in lnd's onion processing logic led to a DoS vector due to excessive memory allocation. Patches: The issue was patched in lnd v0.17.0. Users should update to a version >= v0.17.0 to be protected. References: Detailed blog post:...
CVE-2023-3353
Rejected reason: REJECT Developer patched two issues with a single patch, so only one CVE is necessary. Please use CVE-2023-3352...
Malicious code in tyk-developer-portal (npm)
Source: ghsa-malware (d6830a4dad414db435db7f758c7ca9a035d4571a5f4e1053c017e1ee603629e6). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1647 Malicious code in tyk-developer-portal (npm)
Source: ghsa-malware (d6830a4dad414db435db7f758c7ca9a035d4571a5f4e1053c017e1ee603629e6). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress Ali2Woo Lite Plugin <= 3.3.5 is vulnerable to Broken Access Control
Software: Ali2Woo Lite; Type: Plugin; Vulnerable versions: <= 3.3.5; Fixed in: 3.3.7; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37210; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 02abd7b980c0; Credits: Majed Refaea; Required...
WordPress Ali2Woo Lite Plugin <= 3.3.5 is vulnerable to Cross Site Scripting (XSS)
Software: Ali2Woo Lite; Type: Plugin; Vulnerable versions: <= 3.3.5; Fixed in: 3.3.7; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37211; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: e361f4846097; Credits: Majed Refaea; Required privilege...
WordPress Tabs Plugin <= 4.0.6 is vulnerable to Cross Site Scripting (XSS)
Software: Tabs; Type: Plugin; Vulnerable versions: <= 4.0.6; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37120; Patch priority: Low; CVSS severity: Low 5.9; PSID: cca26fed23f5; Credits: Jean Tirstan T; Required privilege: Administrator...
WordPress Responsive video embed Plugin < 0.5.1 is vulnerable to Cross Site Scripting (XSS)
Software: Responsive video embed; Type: Plugin; Vulnerable versions: < 0.5.1; Fixed in: 0.5.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5475; Patch priority: Low; CVSS severity: Low 6.5; PSID: 325ee9be976d; Credits: Felipe Caon; Require...
WordPress Ali2Woo Lite Plugin <= 3.3.5 is vulnerable to Cross Site Scripting (XSS)
Software: Ali2Woo Lite; Type: Plugin; Vulnerable versions: <= 3.3.5; Fixed in: 3.3.7; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-37214; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 6c5e8ef725e0; Credits: Majed Refaea; Required privilege...
WordPress Consulting Elementor Widgets Plugin <= 1.3.0 is vulnerable to Local File Inclusion
Software: Consulting Elementor Widgets; Type: Plugin; Vulnerable versions: <= 1.3.0; Fixed in: 1.3.1; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-37092; Patch priority: Low; CVSS severity: Low 8.5; PSID: cd47aa6df162; Credits: Rafie Muhammad Patchstack...
WordPress WP-Lister Lite for eBay Plugin <= 3.5.8 is vulnerable to Sensitive Data Exposure
Software: WP-Lister Lite for eBay; Type: Plugin; Vulnerable versions: <= 3.5.8; Fixed in: 3.5.9; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-24709; Patch priority: Low; CVSS severity: Low 7.5; Developer: WP Lab; PSID: 227921a369c8; Credits: Aman Rawat; Required privileg...