GHSA-QJCV-RX3V-7MVJ github.com/cosmos/ibc-go affected by IBC protocol "Huckleberry" vulnerability
The ibc-go module is affected by the Inter-Blockchain Communication (IBC) protocol "Huckleberry" vulnerability...
CVE-2024-4985
An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnerability allowed an attacker to forge a SAML response to provision and/or gain access to a user with...
GO-2024-2632 JWX vulnerable to a denial of service attack using compressed JWE message in github.com/lestrrat-go/jwx
An attacker with a trusted public key may cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the recipient, it results in significant memory allocation and processing time duri...
GO-2024-2702 Code injection vulnerability in github.com/flipped-aurora/gin-vue-admin/server
Gin-vue-admin has a code injection vulnerability in the backend. In the Plugin System - Plugin Template feature, an attacker can perform directory traversal by manipulating the 'plugName' parameter. They can create specific folders such as 'api', 'config', 'global', 'model', 'router', 'service',...
Cyber Criminals Exploit GitHub and FileZilla to Deliver Malware Cocktail
A "multi-faceted campaign" has been observed abusing legitimate services like GitHub and FileZilla to deliver an array of stealer malware and banking trojans such as Atomic (aka AMOS), Vidar, Lumma (aka LummaC2), and Octo by impersonating credible software like 1Password, Bartender 5, and Pixelmator...
WordPress XStore Theme 9.3.8 SQL Injection
Exploit Title: Wordpress Theme XStore 9.3.8 - SQLi Google Dork: N/A Date: 2024-05-16 Exploit Author: Abdualhadi khalifa https://twitter.com/absholily Version: 5.3.5 Tested on: Windows10 CVE: CVE-2024-33559 Poc POST /?s=%27%3B+SELECT++FROM+wpposts%3B+-- HTTP/1.1 Host: example.com User-Agent:...
CVE-2024-35846 mm: zswap: fix shrinker NULL crash with cgroup_disable=memory
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix shrinker NULL crash with cgroup_disable=memory. Christian reports a NULL deref in zswap that he bisected down to the zswap shrinker. The issue also cropped up in the bug trackers of libguestfs 1 and the Red Hat...
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2024-1708)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-35301
In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token...
eZ Publish Legacy Cross-site Scripting (XSS) in 'disabled module' error template
This security advisory fixes a vulnerability in eZ Publish Legacy, and we recommend that you install it as soon as possible if you are using Legacy via the LegacyBridge. Installations where all modules are disabled may be vulnerable to XSS injection in the module name. This is a rare configuratio...
CVE-2024-35183 wolfictl leaks GitHub tokens to remote non-GitHub git servers
wolfictl is a command line tool for working with Wolfi. A git authentication issue in versions prior to 0.16.10 allows a local user’s GitHub token to be sent to remote servers other than github.com. Most git-dependent functionality in wolfictl relies on its own git package, which contains...
eZ Publish Information disclosure in backend content tree menu
This security advisory fixes an information disclosure vulnerability in the legacy admin content tree menu. If a view has been disabled in site.ini [SiteAccessRules] Rules, and an attacker accesses the backend with the URL to this module, then the tree menu may be displayed. Since the tree menu may...
Cross-site Scripting in eZFind spellcheck
This security advisory fixes a vulnerability in the legacy eZ Find extension, which can be used with the LegacyBridge in eZ Platform. It affects sites using the "Did you mean...?" spell check / search suggestion feature. This feature is vulnerable to reflected Cross-site Scripting (XSS) injection...
Exploit for SQL Injection in Valvepress Automatic
CVE-2024-27956-RCE File Package Contents: 1. exploit.py...
Cacti 1.2.26 Remote Code Execution Vulnerability
---------------------------------------------------------------- Cacti = 1.2.26 import.php Remote Code Execution Vulnerability ---------------------------------------------------------------- - Software Link: https://cacti.net - Affected Versions: Version 1.2.26 and prior versions. - Vulnerabilit...
GHSA-HHC7-X9W4-CW47 Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability
Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 8.0. This advisory also provides guidance on what developers can do to update their...
Scrapy's redirects ignoring scheme-specific proxy settings
Impact: When using system proxy settings, which are scheme-specific (i.e. specific to http:// or https:// URLs), Scrapy was not accounting for scheme changes during redirects. For example, an HTTP request would use the proxy configured for HTTP and, when redirected to an HTTPS URL, the new HTTPS...