
8745 matches found

Positive Technologies
added 2024/06/11 12:0 a.m. · 6 views

PT-2025-7921 · Zoom · Zoom Sdks +1

Name of the Vulnerable Software and Affected Versions: Zoom Workplace Apps and SDKs (affected versions not specified). Description: A use-after-free issue may allow an authenticated user to conduct a denial of service via network access. Recommendations: At the moment, there is no information about ...

CVSS 4.3 · AI score 7.1 · EPSS 0.0058
Exploits 0 · References 6

Github Security Blog
added 2024/06/07 9:20 p.m. · 9 views

ZendFramework Potential Cross-site Scripting in Development Environment Error View Script

The default error handling view script generated using ZendTool failed to escape request parameters when run in the "development" configuration environment, providing a potential XSS attack vector. ZendToolProjectContextZfViewScriptFile was patched such that the view script template now calls the...

AI score 6.2
Exploits 0 · References 3 · Affected Software 1

OpenVAS
added 2024/06/07 12:0 a.m. · 8 views

Fedora: Security Advisory for qt5-qtbase (FEDORA-2024-2e27372d4c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 · AI score 10 · EPSS 0.0097
Exploits 0 · References 2

OpenVAS
added 2024/06/06 12:0 a.m. · 35 views

Tinyproxy <= 1.11.1 UAF Vulnerability

Tinyproxy is prone to a use-after-free (UAF) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:banu:tinyproxy"; if...

CVSS 9.8 · AI score 9.6 · EPSS 0.63076
Exploits 2 · References 3

Rapid7 Blog
added 2024/06/05 1:0 p.m. · 23 views

Securing AI Development in the Cloud: Navigating the Risks and Opportunities

AI-TRiSM - Trust, Risk and Security Management in the Age of AI. Co-authored by Lara Sunday and Pojan Shahrivar. As artificial intelligence (AI) and machine learning (ML) technologies continue to advance and proliferate, organizations across industries are investing heavily in these transformative...

AI score 7.4
Exploits 0

Fedora
added 2024/06/05 1:41 a.m. · 10 views

[SECURITY] Fedora 40 Update: qt5-qtbase-5.15.14-1.fc40

Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling...

CVSS 9.8 · AI score 6.5 · EPSS 0.0097
Exploits 0

Cvelist
added 2024/06/04 8:54 a.m. · 18 views

CVE-2023-5751 CODESYS: Development system prone to DoS through exposure of resource to wrong sphere

A local attacker with low privileges can read and modify any user's files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere...

CVSS 7.8 · AI score 7.4 · EPSS 0.00172
Exploits 0 · References 2

RedHat Linux
added 2024/06/03 3:49 p.m. · 53 views

Important: Red Hat Security Advisory: nodejs : security update

An update for the nodejs:16 package is now available for Red Hat Enterprise Linux 8.6.0 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...

CVSS 8.2 · AI score 7.2 · EPSS 0.87211
Exploits 1 · References 2

The Hacker News
added 2024/06/03 2:0 p.m. · 14 views

Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users

Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that's designed to drop a remote access trojan (RAT) on compromised systems. The package in question is glup-debugger-log, which targets users of the gulp toolkit by masquerading as a "logger for...

AI score 8
Exploits 0

OSV
added 2024/05/30 1:0 p.m. · 24 views

GHSA-V35G-4RRW-H4FW Symfony Cross-Site Request Forgery vulnerability in the Web Profiler

All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony WebProfiler bundle are affected by this security issue. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5.4. Note that no fixes are provided for Symfony 2.0, 2.1, and 2.2 as they are not maintained anymore...

CVSS 8.1 · AI score 6.7 · EPSS 0.01485
Exploits 0 · References 6

OpenVAS
added 2024/05/30 12:0 a.m. · 25 views

SUSE: Security Advisory (SUSE-SU-2024:1833-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.2 · AI score 7 · EPSS 0.00763
Exploits 1 · References 4

OpenVAS
added 2024/05/30 12:0 a.m. · 30 views

SUSE: Security Advisory (SUSE-SU-2024:1847-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 · AI score 7.9 · EPSS 0.01815
Exploits 2 · References 11

OSV
added 2024/05/29 6:50 p.m. · 8 views

GHSA-65V7-WG35-2QPM Sylius Resource Bundle Cross-Site Request Forgery vulnerability

Sylius 1.0.0 to 1.0.16, 1.1.0 to 1.1.8, 1.2.0 to 1.2.1 versions of AdminBundle and ResourceBundle are affected by this security issue. This issue has been fixed in Sylius 1.0.17, 1.1.9 and 1.2.2. Development branch for 1.3 release has also been fixed. Description: The following actions in the admi...

CVSS 6.5 · AI score 6.9
Exploits 0 · References 4

NVD
added 2024/05/28 9:16 p.m. · 9 views

CVE-2024-35548

A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications...

CVSS 5.4 · AI score 7.4 · EPSS 0.00374
Exploits 0 · References 2

CNNVD
added 2024/05/28 12:0 a.m. · 4 views

Microchip MPLAB Security Vulnerability

Microchip MPLAB Net is an integrated development environment from Microchip Corporation. A security vulnerability exists in Microchip MPLAB that stems from the presence of a data validation issue...

CVSS 7 · AI score 6.8 · EPSS 0.00568
Exploits 0 · References 3

Positive Technologies
added 2024/05/28 12:0 a.m. · 3 views

PT-2024-40251 · Packagist · Silverstripe/Framework

Name of the Vulnerable Software and Affected Versions: dev/build system controller (affected versions not specified). Description: A possible denial of service attack vector has been identified. The dev/build system now uses its own URL token for authentication when running outside of dev...

CVSS 7.5 · AI score 7.3
Exploits 0 · References 7

Positive Technologies
added 2024/05/28 12:0 a.m. · 3 views

PT-2024-40358 · Silverstripe · Silverstripe

Name of the Vulnerable Software and Affected Versions: SilverStripe versions 3.7 through 4.x. Description: The issue potentially discloses database connection details when SilverStripe is run in dev mode using the mysqli database driver. To mitigate this, sensitive parts of the connection...

CVSS 6.5 · AI score 6.8
Exploits 0 · References 7

Positive Technologies
added 2024/05/27 12:0 a.m. · 4 views

PT-2024-40090 · Silverstripe · Silverstripe

Name of the Vulnerable Software and Affected Versions: SilverStripe versions prior to 4.x. Description: The issue allows unauthorized users to expose information typically hidden in production environments, such as verbose errors and debugging tools, by accessing certain URL parameters. This is...

CVSS 6.5 · AI score 7.1
Exploits 0 · References 5

OpenVAS
added 2024/05/27 12:0 a.m. · 11 views

Fedora: Security Advisory (FEDORA-2024-d408b654d6)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 · AI score 6.5 · EPSS 0.01463
Exploits 0 · References 3

OpenVAS
added 2024/05/27 12:0 a.m. · 25 views

Fedora: Security Advisory (FEDORA-2024-2ec03ca8cb)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 6.6 · EPSS 0.01854
Exploits 0 · References 4