The Hacker News
added 2023/12/08 9:23 a.m. · 47 views

WordPress Releases Update 6.4.2 to Address Critical Remote Attack Vulnerability

WordPress has released version 6.4.2 with a patch for a critical security flaw that could be exploited by threat actors by combining it with another bug to execute arbitrary PHP code on vulnerable sites. "A remote code execution vulnerability that is not directly exploitable in core; however, the...

AI score: 8.7 | Exploits: 0

Prion
added 2023/07/13 11:15 p.m. · 14 views

Command injection

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to...

CVSS: 4.3 | AI score: 4.9 | EPSS: 0.00085
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2023/07/13 12:00 a.m. · 8 views

Auto-GPT security vulnerability

Auto-GPT is an artificial intelligence software agent program open-sourced by Significant Gravitas. A security vulnerability exists in versions prior to Auto-GPT 0.4.3, which stems from the possibility that a malicious external resource could cause a misleading message to be printed to the consol...

CVSS: 4.3 | AI score: 5 | EPSS: 0.00085
Exploits: 0 | References: 3

Wordfence Blog
added 2023/06/21 5:15 p.m. · 15 views

Wordfence 7.10.0 Released!

Wordfence remains the number one security plugin of choice for website owners serious about protecting their investment and their customers. Our Threat Intelligence team and engineering team stay abreast of the newest threats and ensure that Wordfence is able to protect against them. But keeping ...

AI score: 6.7 | Exploits: 0

SUSE CVE
added 2023/02/15 5:19 a.m. · 4 views

SUSE CVE-2015-3226

Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.00212
Exploits: 0 | References: 4

Fedora
added 2022/07/30 1:57 a.m. · 27 views

[SECURITY] Fedora 36 Update: golang-github-mailru-easyjson-0.7.6-6.fc36

Package Easyjson provides a fast and easy way to marshal/unmarshal Go structs to/from JSON without the use of reflection. In performance tests, easyjson outperforms the standard encoding/json package by a factor of 4-5x, and other JSON encoding packages by a factor of 2-3x. Easyjson aims to keep...

AI score: 7.3 | Exploits: 0

Fedora
added 2022/07/04 1:35 a.m. · 22 views

[SECURITY] Fedora 36 Update: golang-github-mailru-easyjson-0.7.6-5.fc36

Package Easyjson provides a fast and easy way to marshal/unmarshal Go structs to/from JSON without the use of reflection. In performance tests, easyjson outperforms the standard encoding/json package by a factor of 4-5x, and other JSON encoding packages by a factor of 2-3x. Easyjson aims to keep...

CVSS: 9.3 | AI score: 7.9 | EPSS: 0.00963
Exploits: 4

CNNVD
added 2021/06/10 12:00 a.m. · 5 views

MongoDB input validation error vulnerability

MongoDB Server is an open-source NoSQL database from the US company MongoDB. The database provides collection-oriented storage, dynamic queries, data replication, automatic failover and other functions. An input validation error vulnerability exists in MongoDB mongo-go-driver,...

CVSS: 6.8 | AI score: 5.7 | EPSS: 0.0014
Exploits: 0 | References: 6

Wallarm Lab
added 2021/03/03 7:54 p.m. · 58 views

Grammarly fixed XSS vulnerability that bypasses AWS WAF

Grammarly is the unicorn company that announced its open bug bounty program last September. Since that time, many security researchers have posted their submissions and been paid well. Some of Grammarly's issues are also useful for others, like the recent XSS that also bypasses an AWS WAF. The recent X...

CVSS: 7.5 | AI score: 0.2 | EPSS: 0.94289
Exploits: 9

GitLab Advisory Database
added 2018/08/23 12:00 a.m. · 35 views

Flask is vulnerable to Denial of Service via incorrect encoding of JSON data

The Pallets Project flask version before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in a large amount of memory usage, possibly leading to denial of service. This attack appears to be exploitable via an attacker providing JSON data in an incorrect encoding. Th...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00644
Exploits: 1 | References: 10 | Affected Software: 1

OSV
added 2017/10/24 6:33 p.m. · 24 views

GHSA-VXVP-4XWC-JPP6 activesupport Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.00212
Exploits: 0 | References: 8

Github Security Blog
added 2017/10/24 6:33 p.m. · 28 views

activesupport Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.00212
Exploits: 0 | References: 8 | Affected Software: 1

ThreatPost
added 2017/03/13 2:52 p.m. · 16 views

Hackers with Credit Card Scrapers Continue to Target Magento

Attackers continue to take aim at the e-commerce platform Magento. Researchers said last week they came across a malicious function snuck into one of the platform’s modules in order to steal credit card information. Code for the function was injected into a .php file for SF9 Realex, a module that...

AI score: 0.4 | Exploits: 0 | References: 3

Hacker One
added 2016/11/28 1:16 a.m. · 24 views

Ian Dunn: unchecked unserialize usage in WordPress-Functionality-Plugin-Skeleton/functionality-plugin-skeleton.php

In https://github.com/iandunn/WordPress-Functionality-Plugin-Skeleton/blob/547216caf1bef2664ec3920a9c749191dea13aeb/functionality-plugin-skeleton.php#L108 there is usage of the unserialize function: public function block_plugin_updates( $request, $url ) { if ( 0 !== strpos( $url, self::PLUGIN_UPDATE_CHECK_URL ) ) //...

AI score: 0.5 | Exploits: 0

Hacker One
added 2016/09/27 1:20 p.m. · 29 views

Internet Bug Bounty: Python 2.7 32-bit JSON encoding heap corruption

https://bugs.python.org/issue28284 https://hg.python.org/cpython/rev/9375c8834448 Among other things, this vulnerability will be triggered when JSON-encoding a dict with a very large key: python -c 'import json; json.dumps({chr(0x22)*0x2AAAAAAB:0})'...

AI score: 6.9 | Exploits: 0

EUVD
added 2016/05/06 5:00 p.m. · 2 views

EUVD-2015-8719

Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow...

CVSS: 10 | AI score: 9.1 | EPSS: 0.10165
Exploits: 0 | References: 17

Hacker One
added 2016/01/26 12:27 p.m. · 20 views

Internet Bug Bounty: EIP control using type confusion in json encoding

https://bugs.python.org/issue24683 File 'eip.py' posted on the issue page proves EIP control...

AI score: 6.9 | Exploits: 0

OSV
added 2015/07/26 10:59 p.m. · 3 views

DEBIAN-CVE-2015-3226

Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.00212
Exploits: 0 | References: 1

NVD
added 2015/07/26 10:59 p.m. · 14 views

CVE-2015-3226

Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

CVSS: 4.3 | AI score: 5.1 | EPSS: 0.00212
Exploits: 0 | References: 5

OSV
added 2015/07/26 10:59 p.m. · 11 views

CVE-2015-3226

Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

AI score: 6.6 | Exploits: 0 | References: 5