xfpt 安全漏洞

xfpt is a program by Philip Hazel, an individual developer. It converts a UTF-8 encoded tagged source document into an XML document. A security vulnerability exists in versions prior to xfpt 1.01 that stems from a failure to properly handle certain parameters in the input data, resulting in a...

1,000,000 WordPress Sites Protected Against Unique Remote Code Execution Vulnerability in WPML WordPress Plugin

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Through October 14th, researchers can earn up to $31,200, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and ...

Key Takeaways From The Take Command Summit: Navigating New SEC Cybersecurity Disclosure Rules

Understanding and complying with the new SEC Cybersecurity Disclosure Rules is a daunting task for many organizations. The Rapid7 Take Command Summit provided an in-depth look at these regulations, offering valuable guidance for cybersecurity professionals. Here are three key takeaways from the...

apex.sia.org.sg Cross Site Scripting vulnerability OBB-3960334

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Stack-based Buffer Overflow

github.com/cosmwasm/wasmd is vulnerable to Stack-based Buffer Overflow. The vulnerability is due to improper memory handling, which can lead to stack overflow conditions.This can potentially crash the program or allow attackers to execute arbitrary code...

dahaboo.com Cross Site Scripting vulnerability OBB-3960277

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 12, 2024 to August 18, 2024)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Through October 14th, researchers can earn up to $31,200, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and ...

New Malware PG_MEM Targets PostgreSQL Databases for Crypto Mining

Cybersecurity researchers have unpacked a new malware strain dubbed PGMEM that's designed to mine cryptocurrency after brute-forcing their way into PostgreSQL database instances. "Brute-force attacks on Postgres involve repeatedly attempting to guess the database credentials until access is gaine...

CVE-2024-21690

This High severity Reflected XSS and CSRF Cross-Site Request Forgery vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.1, 8.8.0, and 8.9.0 of Confluence Data Center and Server. This Reflected XSS and CSRF Cross-Site Request Forgery...

CVE-2024-21690

This High severity Reflected XSS and CSRF Cross-Site Request Forgery vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.1, 8.8.0, and 8.9.0 of Confluence Data Center and Server. This Reflected XSS and CSRF Cross-Site Request Forgery...

CVE-2024-21690

This High severity Reflected XSS and CSRF Cross-Site Request Forgery vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.1, 8.8.0, and 8.9.0 of Confluence Data Center and Server. This Reflected XSS and CSRF Cross-Site Request Forgery...

gbstandards.org Cross Site Scripting vulnerability OBB-3959937

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

mail.pharmasm.com Cross Site Scripting vulnerability OBB-3959930

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry

A flaw was found in the Linux kernel’s IPC system. This flaw allows an attacker to use a specially crafted program to cause a rare race condition, leading to a denial of service...

systemcaresitsolutions.com Cross Site Scripting vulnerability OBB-3959854

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

library.dphen1.com Improper Access Control vulnerability OBB-3959812

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

smartdefine.org Improper Access Control vulnerability OBB-3959805

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Vim Memory Reference Error Vulnerability (CNVD-2024-40461)

Vim is Vim open source a cross-platform text editor . Vim suffers from a Memory Reference Error vulnerability that stems from a confusion in the instruction responsible for freeing memory in parameter list handling. An attacker can exploit the vulnerability which may result in a program crash,...

CVE-2024-7711

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was only exploitable inside a public repository. This vulnerability affected GitHub Enterprise Server...

CVE-2024-6337

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pullrequestwrite: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access...