NewStart CGSL MAIN 6.02 : dnf-plugins-core Vulnerability (NS-SA-2024-0064)

The remote NewStart CGSL host, running version MAIN 6.02, has dnf-plugins-core packages installed that are affected by a vulnerability: - A flaw was found in libdnf's signature verification functionality. This flaw allows an attacker to achieve code execution if they can alter the header...

HTML injection in JupyterLite leading to DOM Clobbering

Impact The vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data accessible from JupyterLite and perform arbitrary actions in JupyterLite environment. Patches JupyterLi...

CVE-2024-8247 Newsletters <= 4.9.9.2 - Authenticated Privilege Escalation

The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. This is due to the plugin not restricting what user meta can be updated as screen options. This makes it possible for authenticated attackers, with subscriber-level access and...

How To Find XSS (Cross-Site Scripting) Vulnerabilities in WordPress Plugins and Themes

Yesterday, we announced the WordPress XSSplorer Challenge for the Wordfence Bug Bounty Program. The objective of this promotion is to help beginners get started in WordPress bug bounty hunting by opening up the scope of our Bug Bounty Program. Cross-Site Scripting vulnerabilities reported in...

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 26, 2024 to September 1, 2024)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024, researchers c...

CVE-2024-6332

The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the 'ameliaButtonCommand' function in all versions up to, and including, Premium 7.7 and Lite 1.2.3. This makes it...

CVE-2024-6332 Booking for Appointments and Events Calendar – Amelia Premium <= 7.7 and Lite <= 1.2.4 - Missing Authorization to Sensitive Information Exposure

The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the 'ameliaButtonCommand' function in all versions up to, and including, Premium 7.7 and Lite 1.2.4. This makes it...

WordPress plugin Advanced Custom Fields和WordPress plugin Advanced Custom Fields Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

AlmaLinux 9 : containernetworking-plugins (ALSA-2024:6186)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:6186 advisory. golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm CVE-2024-24783 Tenable has extracted the preceding description block direct...

Moderate: Red Hat Security Advisory: containernetworking-plugins security update

An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

containernetworking-plugins security update

1:1.4.0-5 - rebuild for CVE-2024-24783 - Resolves: RHEL-28431...

Oracle Linux 9 : containernetworking-plugins (ELSA-2024-6186)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-6186 advisory. - rebuild for CVE-2024-24783 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...

RHEL 9 : containernetworking-plugins (RHSA-2024:6186)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:6186 advisory. The Container Network Interface CNI project consists of a specification and libraries for writing plug- ins for configuring network interfaces in Lin...

BIT-JUPYTER-NOTEBOOK-2024-43805 HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user c...

HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering

Impact The vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user...

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 19, 2024 to August 25, 2024)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Through October 14th, researchers can earn up to $31,200, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and ...

Powermail TYPO3 extension Broken Access Control in the OutputController

An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the configuration of the Powermail Frontend plugins...

Important: Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.2.3 bugfix release

Red Hat Developer Hub 1.2.3 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

CVE-2024-43805

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user c...

CVE-2024-43805

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user c...