PT-2024-5346

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.0 through 17.0.3 GitLab CE/EE versions 17.1 through 17.1.1 Description The issue is related to insufficient access control in the admin compliance framework function of the Group Namespace URL Handler component in...

CVE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

CVE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

CVE-2024-22020

CVE-2024-22020 (Node.js) is a real vulnerability affecting Node.js where an attacker can bypass network import restrictions by embedding non-network imports in data URLs, enabling arbitrary code execution. The issue is documented across multiple advisories (e.g., Debian DSA, CBLMariner, AlmaLinux...

CVE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

CVE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

End-to-End Secrets Security: Making a Plan to Secure Your Machine Identities

At the heart of every application are secrets. Credentials that allow human-to-machine and machine-to-machine communication. Machine identities outnumber human identities by a factor of 45-to-1 and represent the majority of secrets we need to worry about. According to CyberArk's recent research,...

The Windows Registry Adventure #3: Learning resources

Posted by Mateusz Jurczyk, Google Project Zero When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry...

Exploit for OS Command Injection in Zyxel Nas326_Firmware

CVE-2024-29973 Exploiter a Vulnerability detection and Exploit...

CVE-2024-37166

CVE-2024-37166 affects the ghtml template engine. It enables user-controlled JavaScript execution in some render paths, i.e., an XSS risk. Version 2.0.0 adds mitigations by escaping HTML-special characters and the backtick, but the advisory states this does not provide comprehensive XSS protectio...

CVE-2024-37166 ghtml Cross-Site Scripting (XSS) vulnerability

ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting XSS vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated...

Fedora: Security Advisory (FEDORA-2024-a702b78744)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 39 Update: python3.6-3.6.15-28.fc39

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

[SECURITY] Fedora 40 Update: python3.6-3.6.15-30.fc40

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

CVE-2024-36119 Password confirmation stored in plain text via registration form in statamic/cms

Statamic is a, Laravel + Git powered CMS designed for building websites. In affected versions users registering via the user:registerform tag will have their password confirmation stored in plain text in their user file. This only affects sites matching all of the following conditions: 1. Running...

Cybercriminals Abuse Stack Overflow to Promote Malicious Python Package

Cybersecurity researchers have warned of a new malicious Python package that has been discovered in the Python Package Index PyPI repository to facilitate cryptocurrency theft as part of a broader campaign. The package in question is pytoileur, which has been downloaded 316 times as of writing...

[SECURITY] Fedora 40 Update: qt6-qtpositioning-6.7.1-1.fc40

The Qt Positioning APIs gives developers the ability to determine a position by using a variety of possible sources, including satellite, or wifi, or text file, and so on...

Analog Launches Testnet, Allocates 2% Token Supply for Participants

By Uzair Amir Analog’s Testnet is open for developers, community and validators, participants can complete quests and climb the ATP leaderboard… This is a post from HackRead.com Read the original post: Analog Launches Testnet, Allocates 2% Token Supply for Participants...

ALSA-2024:3105 Moderate: python3.11-cryptography security update

The python-cryptography packages contain a Python Cryptographic Authority's PyCA's cryptography library, which provides cryptographic primitives and recipes to Python developers. Security Fixes: python-cryptography: NULL-dereference when loading PKCS7 certificates CVE-2023-49083 For more details...

The Wordfence Affiliate Program Officially Launches Today

Today, we are officially launching the Wordfence Affiliate Program. If you love securing WordPress and are passionate about helping make the Web a safer place, click here to apply to the program now. This is an exciting opportunity for us to give back to our incredible community who have been...