CVE-2020-36750

The CVE-2020-36750 entry concerns the WordPress EWWW Image Optimizer plugin. Affected component: ewww_ngg_bulk_init() function in versions up to and including 5.8.1. Root cause: insufficient nonce validation leads to a Cross-Site Request Forgery (CSRF). Impact: unauthenticated attackers could tri...

CVE-2023-25706

Cross-Site Request Forgery CSRF vulnerability in Pagup WordPress Robots.Txt optimization plugin = 1.4.5 versions...

CVE-2023-25706

Cross-Site Request Forgery CSRF vulnerability in Pagup WordPress Robots.Txt optimization plugin = 1.4.5 versions...

WordPress Plugin WordPress Robots.txt optimization (+ XML Sitemap) – Website traffic, SEO & ranking Booster 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin WordPress Robots.txt...

Security Bulletin: IBM Decision Optimization in IBM Cloud Pak for Data is vulnerable to a xml2js vulnerability (CVE-2023-0842)

Summary Xmljs is used in IBM Decision Optimization in IBM Cloud Pak for Data. IBM Decision Optimization in IBM Cloud Pak for Data has addressed the reported vulnerability. Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote attacker to execute arbitrary code on the...

Security Bulletin: IBM Decision Optimization in IBM Cloud Pak for Data is vulnerable to OpenSSL denial of service (Cryptography package)

Summary There is a potential OpenSSL denial of service vulnerability in IBM Decision Optimization in IBM Cloud Pak for Data. IBM Decision Optimization in IBM Cloud Pak for Data has addressed the vulnerability. Vulnerability Details CVEID:CVE-2023-0286 DESCRIPTION: OpenSSL is vulnerable to a denia...

Security Bulletin: IBM Decision Optimization in IBM Cloud Pak for Data is vulnerable to YAML denial of service (CVE-2023-2251)

Summary YAML is used in IBM Decision Optimization in IBM Cloud Pak for Data. IBM Decision Optimization in IBM Cloud Pak for Data has addressed the reported vulnerability. Vulnerability Details CVEID:CVE-2023-2251 DESCRIPTION: YAML is vulnerable to a denial of service, caused by an uncaught...

Maximizing Performance with Wallarm Filtering Nodes in Amazon’s Global Infrastructure

Introduction In todays digital landscape, ensuring the security and performance of web applications is paramount. To achieve optimal protection against cyber threats, organizations deploy web application and API protection WAAPs like Wallarm. However, to truly leverage the benefits of Wallarm,...

PT-2023-25102 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.70 through 7.4.3.76 Liferay DXP 7.4 update 70 through 76 Description: A cross-site request forgery CSRF issue in the Layout module's SEO configuration allows remote attackers to execute arbitrary code in the...

Guide to Serverless Architecture Design Patterns

Discover the power of serverless architecture design patterns for scalable and efficient application development. Explore EDA, pub-sub, fan-out/fan-in, strangler, and saga patterns. Learn how to select, implement, and optimize them for your needs...

CVE-2023-29548

A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox 112, Focus for Android 112, Firefox ESR 102.10, Firefox for Android 112, and Thunderbird 102.10...

CVE-2023-29548

A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox 112, Focus for Android 112, Firefox ESR 102.10, Firefox for Android 112, and Thunderbird 102.10...

CVE-2023-29548

A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox 112, Focus for Android 112, Firefox ESR 102.10, Firefox for Android 112, and Thunderbird 102.10...

CVE-2023-29548

A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox 112, Focus for Android 112, Firefox ESR 102.10, Firefox for Android 112, and Thunderbird 102.10...

Use-After-Free

hermes-engine is vulnerable to Use-After-Free. When Hermes allows execution of untrusted JavaScript, an attacker is able to execute arbitrary code on the target system via a carefully crafted malicious payload, which is made possible due to a bytecode optimization bug, that results in...

git: data exfiltration with maliciously crafted repository

A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GITDIR/objects directory contains symbolic links CVE-2022-39253, the objects...

git: data exfiltration with maliciously crafted repository

A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GITDIR/objects directory contains symbolic links CVE-2022-39253, the objects...

CVE-2023-28081

A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute untrusted...

CVE-2023-28081

A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute untrusted...

CVE-2023-28081

A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute untrusted...