
17 matches found

OSV
added 2026/05/29 9:58 p.m. | 7 views

GHSA-MX25-J3RC-6W2W Admidio's CSRF in registration `send_login` mode resets arbitrary user passwords

Summary: modules/registration.php mode send_login regenerates a random password for useruuidassigned, stores its bcrypt hash in admusers.usrpassword, and emails the cleartext to that user. Every other state-changing mode in the same file (assignmember, assignuser, deleteuser, createuser) calls...

5.2 CVSS | 5.7 AI score | 0.00015 EPSS
Exploits: 0 | References: 2
Packet Storm News
added 2026/05/18 12:0 a.m. | 7 views

Backdooring Masked Diffusion Language Models

Masked diffusion language models (MDLMs) are emerging as a compelling new paradigm for text generation, but their training-time security remains largely unexplored. Existing backdoor attacks on Gaussian diffusion models or autoregressive language models do not directly apply to MDLMs because MDLMs...

5.8 AI score
Exploits: 0
Tenable Nessus
added 2025/10/29 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-7324

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: ses: Fix possible addldescptr out-of-bounds accesses Sanitize possible addldescptr out-of-bounds accesses in sesenclosuredataprocess. CVE-2023-7324 Note...

5.6 AI score | 0.00175 EPSS
Exploits: 0 | References: 3
CNNVD
added 2025/10/21 12:0 a.m. | 3 views

Oracle Virtualization security vulnerability

Oracle Virtualization is a suite of virtualization solutions from Oracle Corporation USA. The product is used to unify the management of the entire hardware and software architecture from applications to disks, enabling virtualization from the desktop to the data center. VM VirtualBox is one of th...

7.5 CVSS | 7.2 AI score | 0.00141 EPSS
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2008-1593

Malware in sbrugna...

4.6 CVSS | 6.4 AI score | 0.00383 EPSS
Exploits: 0 | References: 6
EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2024-31398

Malicious code in bioql PyPI...

4.3 CVSS | 6.3 AI score | 0.00507 EPSS
Exploits: 0 | References: 7
RedhatCVE
added 2025/05/23 7:57 a.m. | 6 views

CVE-2024-33686

Missing Authorization vulnerability in Extend Themes Pathway, Extend Themes Hugo WP, Extend Themes Althea WP, Extend Themes Elevate WP, Extend Themes Brite, Extend Themes Colibri WP, Extend Themes Vertice. This issue affects Pathway: from n/a through 1.0.15; Hugo WP: from n/a through 1.0.8; Althea...

4.3 CVSS | 5.1 AI score | 0.00507 EPSS
Exploits: 0 | References: 1
Debian CVE
added 2024/10/21 11:53 a.m. | 8 views

CVE-2024-47676

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway. Syzbot reports a UAF in hugetlb_fault(). This happens because vmf_anon_prepare() could drop the per-VMA lock and allow the current VMA to be freed before hugetlb_vma_unlock_read() is...

7.8 CVSS | 6.6 AI score | 0.00242 EPSS
Exploits: 0
CVE
added 2024/10/21 11:53 a.m. | 91 views

CVE-2024-47676

CVE-2024-47676 affects the Linux kernel’s hugetlb fault pathway. Syzbot observed a use-after-free of the VMA in hugetlb_fault() caused by vmf_anon_prepare() releasing the per-VMA lock before hugetlb_vma_unlock_read() is called. The patched fix uses a modified vmf_anon_prepare() that does not rele...

7.8 CVSS | 8.1 AI score | 0.00242 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2024/04/29 6:15 a.m. | 14 views

CVE-2024-33686

Missing Authorization vulnerability in Extend Themes Pathway, Extend Themes Hugo WP, Extend Themes Althea WP, Extend Themes Elevate WP, Extend Themes Brite, Extend Themes Colibri WP, Extend Themes Vertice. This issue affects Pathway: from n/a through 1.0.15; Hugo WP: from n/a through 1.0.8; Althea...

4.3 CVSS | 4.7 AI score | 0.00507 EPSS
Exploits: 0 | References: 7
CVE
added 2024/04/29 5:56 a.m. | 55 views

CVE-2024-33686

CVE-2024-33686 is a Missing Authorization vulnerability affecting multiple Extend Themes products (Pathway until 1.0.15; Hugo WP until 1.0.8; Althea WP until 1.0.13; Elevate WP until 1.0.15; Brite until 1.0.11; Colibri WP until 1.0.94; Vertice until 1.0.7). The CVE has a CVSSv3.1 base score of 4....

4.3 CVSS | 5.1 AI score | 0.00507 EPSS
Exploits: 0 | References: 7
Positive Technologies
added 2024/04/28 12:0 a.m. | 2 views

PT-2024-25441 · Extend Themes · Extend Themes Colibri Wp +6

Name of the Vulnerable Software and Affected Versions: Extend Themes Pathway versions 1.0.15 and earlier; Extend Themes Hugo WP versions 1.0.8 and earlier; Extend Themes Althea WP versions 1.0.13 and earlier; Extend Themes Elevate WP versions 1.0.15 and earlier; Extend Themes Brite versions 1.0.11 an...

4.3 CVSS | 6.7 AI score | 0.00507 EPSS
Exploits: 0 | References: 10
Patchstack
added 2024/04/26 10:8 a.m. | 2 views

WordPress Pathway theme <= 1.0.15 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Theme Pathway versions <= 1.0.15...

4.3 CVSS | 7 AI score | 0.00507 EPSS
Exploits: 0 | Affected Software: 1
Patchstack
added 2024/04/26 12:0 a.m. | 14 views

WordPress Pathway Theme <= 1.0.15 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Pathway; Type: Theme; Vulnerable versions: <= 1.0.15; Fixed in: 1.0.16; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-33686; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 2662179cc67b; Credits: Dhabaleshwar Das; Required...

4.3 CVSS | 4.4 AI score | 0.00507 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2022/03/30 2:15 a.m. | 15 views

CVE-2022-27816

SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service...

7.1 CVSS | 6.8 AI score
Exploits: 0 | References: 3
OSV
added 2018/12/24 3:29 a.m. | 0 views

CVE-2018-20419

DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account...

8.8 CVSS | 5.8 AI score | 0.00483 EPSS
Exploits: 0 | References: 1
Prion
added 2008/03/31 11:44 p.m. | 21 views

Design/Logic Flaw

MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to "Pathway panels."...

4.6 CVSS | 6.8 AI score | 0.00383 EPSS
Exploits: 0 | References: 5 | Affected Software: 1