8747 matches found

CVE
added 2024/02/22 6:32 p.m., 81 views

CVE-2024-26128

CVE-2024-26128 applies to baserCMS. A cross-site scripting vulnerability exists in the Content Management feature in versions prior to 5.0.9. The issue is mitigated by upgrading to 5.0.9 or later, which includes the fix. Connected sources also reference fixes in 5.0.10 per later advisories. The v...

CVSS 5.4 | AI score 5.1 | EPSS 0.00572
Exploits 0 | References 3 | Affected Software 1

OSV
added 2024/02/22 6:32 p.m., 25 views

CVE-2024-26128 baserCMS Cross-site Scripting vulnerability in Content Management

baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability...

CVSS 5.4 | AI score 5.4 | EPSS 0.00572
Exploits 0 | References 5

Prion
added 2024/02/22 3:15 p.m., 10 views

Cross site scripting

baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the site search feature. Version 5.0.9 contains a fix for this vulnerability...

CVSS 5.8 | AI score 6.3 | EPSS 0.0047
Exploits 0 | References 3

Prion
added 2024/02/22 3:15 p.m., 10 views

Command injection

baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability...

CVSS 5.1 | AI score 7.4 | EPSS 0.01455
Exploits 0 | References 3

CVE
added 2024/02/22 2:50 p.m., 79 views

CVE-2023-51450

Based on the connected sources, CVE-2023-51450 affects baserCMS prior to version 5.0.9, where an OS command injection exists in the site search feature. The root cause is improper handling/filtration of constructed command characters, enabling arbitrary command execution. Public impact statements...

CVSS 8.1 | AI score 6.1 | EPSS 0.01455
Exploits 0 | References 3 | Affected Software 1

OSV
added 2024/02/22 2:47 p.m., 29 views

CVE-2023-44379 baserCMS Cross-site Scripting vulnerability in Site search Feature

baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the site search feature. Version 5.0.9 contains a fix for this vulnerability...

CVSS 6.1 | AI score 6.1 | EPSS 0.0047
Exploits 0 | References 5

Krebs on Security
added 2024/02/22 1:27 p.m., 23 views

New Leak Shows Business Side of China’s APT Menace

A new data leak that appears to have come from one of China's top private cybersecurity firms provides a rare glimpse into the commercial side of China's many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign...

AI score 7.1
Exploits 0

OpenVAS
added 2024/02/22 12:00 a.m., 28 views

SUSE: Security Advisory (SUSE-SU-2024:0578-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 | AI score 9.1 | EPSS 0.00816
Exploits 0 | References 4

HackRead
added 2024/02/21 7:00 p.m., 10 views

Top Software Development Outsourcing Trends

By Uzair Amir Eastern Europe is swiftly rising to prominence in the software development outsourcing sector. This ascendance is marked not… This is a post from HackRead.com Read the original post: Top Software Development Outsourcing Trends...

AI score 7.2
Exploits 0

HackRead
added 2024/02/21 2:17 p.m., 14 views

Why Front-End Development Matters for Online Businesses?

By Owais Sultan Front-end development, sometimes called client-side development, creates CSS, HTML, and JavaScript for online apps and sites so users… This is a post from HackRead.com Read the original post: Why Front-End Development Matters for Online Businesses?...

AI score 7.3
Exploits 0

CNVD
added 2024/02/21 12:00 a.m., 15 views

Siemens Polarion ALM Authentication Error Vulnerability

Polarion ALM is an application lifecycle management solution that improves the software development process with a single, unified solution for requirements, coding, testing and release. An authentication error vulnerability exists in Siemens Polarion ALM, which can be exploited by an attacker to...

CVSS 9.8 | AI score 7.1 | EPSS 0.00557
Exploits 0 | References 1

CNVD
added 2024/02/21 12:00 a.m., 12 views

Siemens Polarion ALM Faulty Default Privileges Vulnerability

Polarion ALM is an application lifecycle management solution that improves the software development process with a single, unified solution for requirements, coding, testing and release. Siemens Polarion ALM has a faulty default privileges vulnerability that can be exploited by an attacker to...

CVSS 7.8 | AI score 7.8 | EPSS 0.00148
Exploits 0 | References 1

CNNVD
added 2024/02/21 12:00 a.m., 5 views

Silicon Labs Gecko SDK Security Vulnerability

The Silicon Labs Gecko SDK (GSDK) is an open source library from Silicon Labs. It combines the Silicon Labs Wireless Software Development Kit (SDK) and the Gecko platform into one integrated package. A security vulnerability exists in Silicon Labs Gecko SDK v4.4.0 and earlier versions, which stems from ...

CVSS 7.5 | AI score 6.7 | EPSS 0.00396
Exploits 0 | References 2

Openbugbounty
added 2024/02/18 1:13 p.m., 13 views

symphonydevelopmentgroup.com Cross Site Scripting vulnerability OBB-3854612

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0

Fedora
added 2024/02/18 12:55 a.m., 22 views

[SECURITY] Fedora 39 Update: qt5-qtbase-5.15.12-5.fc39

Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling...

CVSS 6.2 | AI score 6.8 | EPSS 0.00321
Exploits 0

OpenVAS
added 2024/02/16 12:00 a.m., 12 views

SUSE: Security Advisory (SUSE-SU-2024:0520-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8 | AI score 7.8 | EPSS 0.01465
Exploits 0 | References 4

HackRead
added 2024/02/14 7:06 p.m., 20 views

Overworld secures $10M for cross-platform ARPG development

By Owais Sultan Debut Title Overworld Designed Around Multiplayer Role-Playing Action. This is a post from HackRead.com Read the original post: Overworld secures $10M for cross-platform ARPG development...

AI score 7.3
Exploits 0

HackRead
added 2024/02/14 4:58 p.m., 14 views

5 Ways to Maximize the Impact of IaC Scans

By Uzair Amir Infrastructure-as-code (IaC) continues to gain traction and is even hailed for having changed software development towards greater efficiency… This is a post from HackRead.com Read the original post: 5 Ways to Maximize the Impact of IaC Scans...

AI score 7.5
Exploits 0

CNNVD
added 2024/02/14 12:00 a.m., 3 views

EDK2 Security Vulnerability

EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. EDK2 suffers from a security vulnerability that stems from allowing insecure default settings that allow an attacker to bypass secure boot...

CVSS 6.7 | AI score 6.8 | EPSS 0.00256
Exploits 0 | References 7

CNNVD
added 2024/02/14 12:00 a.m., 6 views

EDK2 Security Vulnerability

EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. EDK2 suffers from a security vulnerability that stems from allowing insecure default settings that allow an attacker to bypass secure boot...

CVSS 6.7 | AI score 6.8 | EPSS 0.00256
Exploits 0 | References 6