CVE-2023-48715
CVE-2023-48715 affects Tuleap Community Edition and Tuleap Enterprise Edition. The root cause is that release names were not properly escaped on the edition page, enabling a malicious user who can create an FRS release to cause a user with write permissions to execute uncontrolled code. Affected ...
CVE-2023-48715 Tuleap vulnerable to Cross-site Scripting on the edition page of a release
Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.2.99.103 of Tuleap Community Edition and prior to versions 15.2-4 and 15.1-8 of Tuleap Enterprise Edition, the names of releases are not properly escaped on the edition page of ...
A vulnerability in the software used for internal threat modeling within the AXIS Security Development Model for the AXIS OS operating system, caused by deficiencies in access control, allows attackers to circumvent existing security restrictions.
The internal threat modeling software vulnerability is a flaw in Axis Security's operating system development model. Exploiting this vulnerability allows a remote attacker to bypass existing security restrictions...
CVE-2023-35039
Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse. This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15...
CVE-2023-35039
CVE-2023-35039 affects the WordPress plugin Password Reset with Code for WordPress REST API (versions
PT-2023-9538 · Oracle · Oracle E-Business Suite +1
Name of the Vulnerable Software and Affected Versions: Oracle Process Manufacturing Product Development versions 12.2.13 through 12.2.14 Description: The issue is related to weaknesses in the authorization procedure of the Quality Manager Specification component in Oracle Process Manufacturing...
A Bootiful Podcast: Spring creator Rod Johnson and Oracle vice president Heather VanCura
Hi, Spring and software fans! In this installment of the show we have Spring creator and investor Rod Johnson and Oracle vice president Heather VanCura on the show to talk about the premise of her new book - Developer Career Masterplan, coauthored with fellow Java luminary Bruno Souza: building...
CVE-2022-29361
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations...
PT-2023-28873 · Buildroot · Buildroot
Name of the Vulnerable Software and Affected Versions: Buildroot versions 2023.08.1 and dev commit 622698d7847 Description: A data integrity issue exists in the BR_NO_CHECK_HASH_FOR functionality, allowing a specially crafted man-in-the-middle attack to lead to arbitrary command execution in the...
CVE-2023-44381
CVE-2023-44381 affects October CMS. Affected component: template rendering in the CMS where an authenticated backend user with editor.cms_pages, editor.cms_layouts, or editor.cms_partials permissions can craft a request to inject PHP code into a CMS template due to cms.safe_mode being enabled. Th...
Malicious code in npm_package_devdependencies__types_jest (npm)
Source: ossf-package-analysis 5f8a28159fb1b2ef33b43e4aa71b0c85879d6220009091751cfa1590a1900329 The OpenSSF Package Analysis project identified 'npm_package_devdependencies__types_jest' @ 30.5.0 npm as malicious. It is considered malicious...
7 Uses for Generative AI to Enhance Security Operations
Welcome to a world where Generative AI revolutionizes the field of cybersecurity. Generative AI refers to the use of artificial intelligence (AI) techniques to generate or create new data, such as images, text, or sounds. It has gained significant attention in recent years due to its ability to...
[SECURITY] Fedora 38 Update: gst-devtools-1.22.7-1.fc38
Development and debugging tools for GStreamer...
CVE-2023-44383
October is a Content Management System (CMS) and web platform to assist with development workflow. A user with access to the media manager that stores SVG files could create a stored XSS attack against themselves and any other user with access to the media manager when SVG files are supported. This...
CVE-2023-44383
Summary: CVE-2023-44383 affects October CMS versions affected by stored XSS when SVGs are uploaded to the Media Manager. What's affected: October CMS (versions 3.0–3.5.x per sources) where the media manager stores SVG files. Root cause: Inadequate validation/sanitization of uploaded SVG content ...
USN-6402-2: LibTomMath vulnerability
USN-6402-1 fixed vulnerabilities in LibTomMath. This update provides the corresponding updates for Ubuntu 23.10. Original advisory details: It was discovered that LibTomMath incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code and cause a denial ...
Extend Wiz to your Developers: Enable secure cloud development with agility
New capabilities extend Wiz CNAPP to secure the entire software pipeline, enabling organizations to securely develop for the cloud...
SOA VS MICROSERVICES – What’s the difference?
Unraveling the Code Landscape: Exploring SOA and Microservices Seamlessly The shifting sands of software development have elevated two pivotal architecture designs to influential pedestals: Service-Oriented Architecture (SOA) and Microservices. Understanding their distinct characteristics,...
SUSE: Security Advisory (SUSE-SU-2023:4543-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...