830 matches found
[TagAwareCipher] - Decryption Failure (Regex Match)
Impact: Vulnerability in SecureProps involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded with NullEncoder and passed to TagAwareCipher, and contains special characters such as \n. As a result, the decryption process is...
GHSA-W5WX-6G2R-R78Q Nuclei allows unsigned code template execution through workflows
Overview: A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing custom workflows, potentially allowing the execution of malicious code on the user's system. This...
CVE-2024-28236 Insecure Variable Substitution in Vela
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string...
BIT-MINIO-2022-24842 Improper Privilege Management in MinIO
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. A security issue was found where a non-admin user is able to create service accounts for root or other admin users and then is able to assume their access policies via the generated credentials. Thi...
PT-2024-22298 · Jenkins · Jenkins Bitbucket Branch Source Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Bitbucket Branch Source Plugin versions 866.vdea_7dcd3008e and earlier, except version 848.850.v6a_a_2a_234a_c81 Description: The issue allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket...
PT-2024-15407 · Langchain Ai · Langchain
Name of the Vulnerable Software and Affected Versions: langchain versions prior to the version that includes the fix from https://github.com/langchain-ai/langchain/pull/15559 Description: The issue arises when an attacker controls the contents of a website, such as https://example.com, and places...
PT-2024-29282 · Unknown · Monkeytype
Name of the Vulnerable Software and Affected Versions: Monkeytype versions prior to 24.30.0 Description: The issue concerns a Poisoned Pipeline Execution through Code Injection in the ci-failure-comment.yml GitHub Workflow of Monkeytype. This vulnerability allows attackers to gain pull-requests...
Metasploit Weekly Wrap-Up 02/16/2024
New Fetch Payload: It has been almost a year since Metasploit released the new fetch payloads and since then, 43 of the 79 exploit modules have had support for fetch payloads. The original payloads supported transferring the second stage over HTTP, HTTPS and FTP. This week, Metasploit has expanded...
CVE-2023-50926
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be caused by an incoming DIO message when using the RPL-Lite implementation in the Contiki-NG operating system. More specifically, the prefix information of the DIO message...
CVE-2023-48229 Out-of-bounds write in the radio driver for Contiki-NG nRF platforms
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds write exists in the driver for IEEE 802.15.4 radios on nRF platforms in the Contiki-NG operating system. The problem is triggered when parsing radio frames in the readframe function in...
CVE-2024-21624
nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. The identified...
Design/Logic Flaw
nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. The identified...
PYSEC-2024-37
nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. The identified...
CVE-2024-21624 Potential Information Leak in User-Constructed Message Templates in nonebot2
nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. The identified...
GHSA-59J8-776V-XXXG NoneBot Potential Information Leak in User-Constructed Message Templates
Impact: This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. Patches: The identified vulnerability has been remedied in fix 2509 and will be included in...
NoneBot Potential Information Leak in User-Constructed Message Templates
Impact: This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. Patches: The identified vulnerability has been remedied in fix 2509 and will be included in...
GHSA-3RFR-MPFJ-2JWQ Pimcore Admin Classic Bundle permissions are not getting checked when working with tags
Impact: You can create, delete etc. tags without having the permission to do so. This vulnerability allows an attacker to perform broken access control and add tags to admin panel and add dummy data. One can do this as intruder and add text parameters with random numbers and this will affect...
Pimcore Admin Classic Bundle permissions are not getting checked when working with tags
Impact: You can create, delete etc. tags without having the permission to do so. This vulnerability allows an attacker to perform broken access control and add tags to admin panel and add dummy data. One can do this as intruder and add text parameters with random numbers and this will affect...
GHSA-7M8G-FPRR-47FX phpMyFAQ vulnerable to stored XSS on attachments filename
Summary: Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php allows JavaScript code to execute on the client side (XSS). Details: On that snippet code of rendering the file attachments from user tables id ?" title="thema ?" id ? filename ? recordlang ? filesize ? mimetype ? The data...