
7612 matches found

CNNVD
added 2024/11/13 12:0 a.m. | 2 views

Symphony Communication ServicesHp Symphony Security Vulnerability

Symphony Communication ServicesHp Symphony is a solution from Symphony Communication ServicesHp, Inc. for connecting and liquefying financial transaction workflows. A security vulnerability exists in Symphony Communication ServicesHp Symphony that stems from the fact that when using a persistent...

CVSS 7.5 | AI score 7.5 | EPSS 0.00088
Exploits 1 | References 4

Vulnrichment
added 2024/11/13 12:0 a.m. | 8 views

CVE-2024-45878

The "Stammdaten" menu of baltic-it TOPqw Webportal v1.35.283.2 fixed in version 1.35.291, in /Apps/TOPqw/qwStammdaten.aspx, is vulnerable to persistent Cross-Site Scripting (XSS)...

AI score 6.3 | EPSS 0.0023
Exploits 0 | References 1

RedHat Linux
added 2024/11/12 10:31 a.m. | 1 view

flatpak: Access to files outside sandbox for apps using persistent= (--persist)

A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files outside the...

CVSS 10 | AI score 7.3 | EPSS 0.06541
Exploits 1 | References 13

Vulnrichment
added 2024/11/11 12:0 a.m. | 7 views

CVE-2024-50601

Persistent and reflected XSS vulnerabilities in the themeMode cookie and h URL parameter of Axigen Mail Server up to version 10.5.28 allow attackers to execute arbitrary Javascript. Exploitation could lead to session hijacking, data leakage, and further exploitation via a multi-stage attack. Fixe...

AI score 6.8 | EPSS 0.00166
Exploits 0 | References 1

Cvelist
added 2024/11/11 12:0 a.m. | 13 views

CVE-2024-50601

Persistent and reflected XSS vulnerabilities in the themeMode cookie and h URL parameter of Axigen Mail Server up to version 10.5.28 allow attackers to execute arbitrary Javascript. Exploitation could lead to session hijacking, data leakage, and further exploitation via a multi-stage attack. Fixe...

EPSS 0.00166
Exploits 0 | References 1

OSV
added 2024/11/08 6:15 a.m. | 0 views

UBUNTU-CVE-2024-50184

In the Linux kernel, the following vulnerability has been resolved: virtio_pmem: Check device status before requesting flush. If a pmem device is in a bad status, the driver side could wait for host ack forever in virtio_pmem_flush, causing the system to hang. So add a status check in the beginning o...

CVSS 5.5 | AI score 6.2 | EPSS 0.00011
Exploits 0 | References 42

ATTACKERKB
added 2024/10/31 7:15 p.m. | 2 views

CVE-2023-52045

Studio-42 eLfinder 2.1.62 contains a filename restriction bypass leading to a persistent Cross-site Scripting (XSS) vulnerability...

CVSS 6.1 | AI score 5.8 | EPSS 0.00049
Exploits 1 | References 2

CVE
added 2024/10/31 12:0 a.m. | 53 views

CVE-2023-52045

CVE-2023-52045 affects Studio-42 elFinder 2.1.62, where a filename restriction bypass leads to a persistent XSS vulnerability. Impact: stored XSS via crafted filenames; context is in elFinder file handling. Remediation: upgrade to elFinder 2.1.63 or higher (as reported by Snyk/Veracode/Red Hat re...

CVSS 6.1 | AI score 6.2 | EPSS 0.00049
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2024/10/31 12:0 a.m. | 19 views

CVE-2023-52045

Studio-42 eLfinder 2.1.62 contains a filename restriction bypass leading to a persistent Cross-site Scripting (XSS) vulnerability...

EPSS 0.00049
Exploits 1 | References 1

RedHat Linux
added 2024/10/30 2:25 p.m. | 34 views

Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.17.0 Security, Enhancement, & Bug Fix Update

Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.17.0 on Red Hat Enterprise Linux 9. Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container...

CVSS 9.8 | AI score 6.8 | EPSS 0.06248
Exploits 5 | References 130

Drupal
added 2024/10/30 12:0 a.m. | 8 views

Cookiebot + GTM - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-055

This module makes it possible for you to integrate Cookiebot and Google Tag Manager in a fast and simple way. The module doesn't sufficiently filter for malicious script leading to a persistent cross site scripting (XSS) vulnerability...

CVSS 5.4 | AI score 5.9 | EPSS 0.00286
Exploits 0 | References 7

CNVD
added 2024/10/30 12:0 a.m. | 2 views

JetBrains Hub Improper Access Control Vulnerability

JetBrains Hub is a Web-based identity management service launched by JetBrains, which is mainly used for centralized management of YouTrack, TeamCity and other team collaboration tools such as user authentication, permission assignment and project collaboration. JetBrains Hub suffers from an...

CVSS 5.4 | AI score 6.8 | EPSS 0.00006
Exploits 0 | References 1

CNNVD
added 2024/10/28 12:0 a.m. | 3 views

JetBrains Hub Security Vulnerability

JetBrains Hub is a Web-based identity management service launched by JetBrains, which is mainly used for centralized management of YouTrack, TeamCity and other team collaboration tools such as user authentication, permission assignment and project collaboration. JetBrains Hub suffers from an...

CVSS 5.4 | AI score 6.7 | EPSS 0.00006
Exploits 0 | References 1

The Hacker News
added 2024/10/22 9:33 a.m. | 31 views

Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor

Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest Ethereum private keys and gain remote access to the machine via the secure shell (SSH) protocol. The packages attempt to "gain SSH access to the victim's machine by...

AI score 7.8
Exploits 0

Qualys Blog
added 2024/10/21 4:49 a.m. | 32 views

Unmasking Lumma Stealer: Analyzing Deceptive Tactics with Fake CAPTCHA

Summary: Lumma Stealer is an information-stealing malware available through a Malware-as-a-Service (MaaS). It specializes in stealing sensitive data such as passwords, browser information, and cryptocurrency wallet details. The attacker has advanced its tactics, moving from traditional phishing to...

AI score 7.8
Exploits 0

The Hacker News
added 2024/10/17 10:15 a.m. | 61 views

SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack

An advanced persistent threat (APT) actor with suspected ties to India has sprung forth with a flurry of attacks against high-profile entities and strategic infrastructures in the Middle East and Africa. The activity has been attributed to a group tracked as SideWinder, which is also known as...

CVSS 9.3 | AI score 8.8 | EPSS 0.94354
Exploits 33

OSSF Malicious Packages
added 2024/10/17 12:36 a.m. | 3 views

Malicious code in jifa-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c700c6936dcb6a2eb1fbff5232aa1305e7e989c7ce3ce5ef847c3efc413f04e4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 | References 3

OSSF Malicious Packages
added 2024/10/16 11:59 p.m. | 2 views

Malicious code in new-al-bum-av-ailable-2014-15374-tourniquets-hacksaws-and-graves-53p3g-eabxqr (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e55ad95ce8db20fb7a4867c68d83feef1239cd52cd8a74058f49cb9c9d443daf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 | References 1

OSSF Malicious Packages
added 2024/10/16 11:59 p.m. | 2 views

Malicious code in mp3-file-zip-d-ownload-push-the-sky-away-m86s1-rigirm (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aa43de94a064d8c602ce88408a0fab3a3c1d87c658eaa342cd9dff9c3fdb624b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 | References 1

Vulnrichment
added 2024/10/14 5:3 p.m. | 24 views

CVE-2024-45741 Persistent Cross-Site Scripting (XSS) via props.conf on Splunk Enterprise

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" paramete...

CVSS 5.4 | AI score 7.2 | EPSS 0.05296
Exploits 0 | References 2