Kirby vulnerable to Cross-site scripting (XSS) in the link field "Custom" type
TL;DR This vulnerability affects Kirby sites that use the new link field and output the entered link without additional validation or sanitization. The attack commonly requires user interaction by another user or visitor. The link dialog of the writer field is not affected as the writer field...
CVE-2024-21890
A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/...
CVE-2024-26582
| creationtimestamp | type | source |
|---|---|---|
| 2024-02-21 16:31:22+00:00 | seen | https://t.me/ctinow/189734 |
| 2024-02-21 16:31:29+00:00 | seen | https://t.me/ctinow/189741 |
| 2024-02-22 16:11:25+00:00 | seen | https://t.me/ctinow/190857 |
| 2024-02-22 21:29:31+00:00 | seen | https://t.me/arpsyndicate/4058 |
| 2024-02-2... | | |
agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`
Impact The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...
CVE-2024-21890
The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/. This misleading documentation affects all users...
Design/Logic Flaw
The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/. This misleading documentation affects all users...
CVE-2024-21890
CVE-2024-21890 affects Node.js where the experimental Permission Model mishandles wildcards in --allow-fs-read/--allow-fs-write, allowing access beyond the intended path due to improper path traversal sanitization. Affected are Node.js 20/21 with the experimental permission model; mitigation is t...
Vulnerability in the Windows software agent used for automated programming and documentation generation for Unicam FX assembly, which allows an attacker to elevate their privileges.
The vulnerability in the Windows software agent for automated programming and documentation generation for Unicam FX assembly stems from improper use of privileged APIs. Exploiting this vulnerability can allow an attacker to elevate their privileges...
CVE-2024-1638
The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic mean: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access; however, this is only true when i...
PT-2024-20610 · Unknown · Knowledge Base For Documentation
Name of the Vulnerable Software and Affected Versions: Knowledge Base for Documentation, FAQs with AI Assistance versions n/a through 11.30.2 Description: The issue is related to Deserialization of Untrusted Data, which affects the Knowledge Base for Documentation, FAQs with AI Assistance plugin...
be.yildiz-games:module-window-javafx (>=3.2.2 <=3.5.4), com.acrolinx.client:sidebar-sdk-java (>=2.5.21 <=2.8.1) +149 more potentially affected by CVE-2024-20925 via org.openjfx:javafx-media (>=18 <=21.0.11)
org.openjfx:javafx-media MAVEN version =18, =3.2.2, =2.5.21, =3.1.0, =1.8.0, =1.2.0, =17.1, =17.1, =17.1, =17.1, =17.1, =17.1, =17.1, =2022.2023, =2022.2023.beta1 and more Source cves: CVE-2024-20925 Source advisory: OSV:GHSA-47G3-MF24-6559...
Important: Red Hat Bug Fix Advisory: OpenShift sandboxed containers 1.5.2 update
OpenShift sandboxed containers 1.5.2 is now available. OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime. This advisory contains an update for OpenShift sandboxed containers...
Siemens Unicam FX Security Vulnerability
UniCam FX provides solutions for standardized PCB assembly process planning, machine programming and generation of process documentation and manual insertion instructions. A local elevation of privilege vulnerability exists in Siemens UniCam FX, which can be exploited by an attacker to perform a...
Open-Xchange App Suite Security Vulnerability
Open-Xchange App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange App Suite that stems from a user ID reference not properly cleaned up as mentioned in the documentation notes, where script code could be injected...
documentation.clearcanvas.ca Cross Site Scripting vulnerability OBB-3851335
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SUSE-SU-2024:0430-1 Security update for cosign
This update for cosign fixes the following issues: Updated to 2.2.3 (jsc#SLE-23879). Bug Fixes: Fix race condition on verification with multiple signatures attached to image (3486); Fix clean cmd for private registries (3446); Fixed BYO PKI verification (3427). Features: Allow for option in cosign...
CVE-2024-24938
In JetBrains TeamCity before 2023.11.2, limited directory traversal was possible in the Kotlin DSL documentation...