
1081 matches found

Tenable Nessus
added 2024/04/28 12:0 a.m. | 20 views

RHEL 8 : python27:2.7 (RHSA-2023:5990)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5990 advisory. Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types...

5.3 CVSS | 7.1 AI score | 0.0079 EPSS
Exploits 0 | References 4
NVD
added 2024/04/06 3:15 a.m. | 11 views

CVE-2024-3245

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Youtube block in all versions up to, and including, 3.9.14 due to insufficie...

6.4 CVSS | 5.7 AI score | 0.00323 EPSS
Exploits 0 | References 2
WPVulnDB
added 2024/04/05 12:0 a.m. | 11 views

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor < 3.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedpresscalendar' shortcode in all versions up to, and...

6.4 CVSS | 5.8 AI score | 0.00509 EPSS
Exploits 0 | References 1 | Affected Software 1
CVE
added 2024/03/23 2:32 a.m. | 70 views

CVE-2024-2688

The CVE-2024-2688 entry concerns the WordPress plugin EmbedPress (all versions up to 3.9.12; 3.9.13 introduced a fix). Root cause: insufficient input sanitization and output escaping on EmbedPress widget attributes (embedpress_doc_custom_color). Impact: authenticated attackers with Contributor+ p...

5.4 CVSS | 7.6 AI score | 0.00343 EPSS
Exploits 0 | References 2 | Affected Software 1
The Hacker News
added 2024/03/18 5:56 p.m. | 49 views

New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics

A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said it's likely associated with the North Korean state-sponsored group...

8 AI score
Exploits 0
The Hacker News
added 2024/03/18 12:35 p.m. | 40 views

Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites

Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate information theft. "It uses an unorthodox HTML smuggling technique where the malicious payload is...

7.4 AI score
Exploits 0
Hacker One
added 2024/03/15 5:59 p.m. | 23 views

Doppler: Acquisition on broken link listed on the page "https://docs.doppler.com/docs/removal-deprecated-packages-scripts in [scheduling a call]

The report describes a broken link on the Doppler documentation website. The broken link was located on the page "https://docs.doppler.com/docs/removal-deprecated-packages-scripts" in the "scheduling a call" section. The broken link pointed to "https://calendly.com/doppler-ryan/onsite-install",...

7 AI score
Exploits 0
Kitploit
added 2024/03/14 11:30 a.m. | 453 views

Google-Dorks-Bug-Bounty - A List Of Google Dorks For Bug Bounty, Web Application Security, And Pentesting

A list of Google Dorks for Bug Bounty, Web Application Security, and Pentesting Live Tool Broad domain search w/ negative search site:example.com -www -shop -share -ir -mfa PHP extension w/ parameters site:example.com ext:php inurl:? Disclosed XSS and Open Redirects site:openbugbounty.org...

6.8 AI score
Exploits 0 | References 2
OpenVAS
added 2024/03/08 12:0 a.m. | 12 views

Fedora: Security Advisory for icecat (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS | 9.2 AI score | 0.02557 EPSS
Exploits 3 | References 2
Github Security Blog
added 2024/02/22 6:25 p.m. | 52 views

Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials

The CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to a wildcard "*" while also having the Access-Control-Allow-Credentials set to true...

9.8 CVSS | 9.3 AI score | 0.0066 EPSS
Exploits 1 | References 10 | Affected Software 1
The Hacker News
added 2024/02/02 6:21 a.m. | 53 views

Cloudflare Breach: Nation-State Hackers Access Source Code and Internal Docs

Cloudflare has revealed that it was the target of a likely nation-state attack in which the threat actor leveraged stolen credentials to gain unauthorized access to its Atlassian server and ultimately access some documentation and a limited amount of source code. The intrusion, which took place...

7.5 AI score
Exploits 0
OpenVAS
added 2024/01/18 12:0 a.m. | 15 views

Fedora: Security Advisory for python3-docs (FEDORA-2023-0583eedde7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3 CVSS | 6 AI score | 0.02507 EPSS
Exploits 1 | References 2
OSSF Malicious Packages
added 2024/01/06 3:6 p.m. | 3 views

Malicious code in cloudflare-docs-theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0bbb41f9171f3ad4b1423390d2a5288a5da4ee679c8757975bc22b33c93e63ea Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8 AI score
Exploits 0 | References 1
OSV
added 2024/01/06 3:6 p.m. | 15 views

MAL-2024-62 Malicious code in cloudflare-docs-theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0bbb41f9171f3ad4b1423390d2a5288a5da4ee679c8757975bc22b33c93e63ea Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 | References 1
CNNVD
added 2024/01/04 12:0 a.m. | 3 views

Tech Docs Template Cross-Site Scripting Vulnerability

Tech Docs Template is an open source Gem distribution technical documentation project from Government Digital Service. A security vulnerability exists in Tech Docs Template versions prior to 2.0.2 through 3.3.1, which stems from a cross-site scripting XSS vulnerability. An attacker can exploit th...

6.1 CVSS | 6.1 AI score | 0.005 EPSS
Exploits 0 | References 7
Fedora
added 2023/12/28 12:55 a.m. | 45 views

[SECURITY] Fedora 38 Update: python3.12-3.12.1-2.fc38

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable:...

5.3 CVSS | 6.3 AI score | 0.02507 EPSS
Exploits 1
Tenable Nessus
added 2023/12/23 12:0 a.m. | 26 views

openSUSE 15 Security Update : tinyxml (SUSE-SU-2023:4958-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4958-1 advisory. - StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion and application exit via a crafted XML...

7.5 CVSS | 7.3 AI score | 0.01372 EPSS
Exploits 0 | References 4
OSSF Malicious Packages
added 2023/12/15 9:47 a.m. | 3 views

Malicious code in spectro-cloud-docs (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5f5f48697cbdd8e8f64a4634d5d8ea37633a9f97394cf53ceac7d2e6a05fb41e Any computer that has this package install...

7 AI score
Exploits 0 | References 1
OSV
added 2023/12/15 9:47 a.m. | 6 views

MAL-2023-8700 Malicious code in spectro-cloud-docs (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5f5f48697cbdd8e8f64a4634d5d8ea37633a9f97394cf53ceac7d2e6a05fb41e Any computer that has this package install...

7.1 AI score
Exploits 0 | References 1
Wired Threat Level
added 2023/11/25 2:0 p.m. | 11 views

How to Stop Google From Deleting Your Inactive Account

Your inactive profiles, like Gmail or Docs, could turn into digital dust later this year. A few clicks can save them...

7.3 AI score
Exploits 0