
1697 matches found

ThreatPost
added 2021/11/02 8:55 p.m. | 35 views

Squid Game Crypto Scammers Rip Off Investors for Millions

Players in the Squid Game cryptocurrency market have been eliminated — at least their investment has — by what cryptocurrency watchers have called a classic “rug-pull” scam. When SQUID tokens were first released last week, they were valued at a paltry $0.01 but promised entry into a game with the...

7.2 AI score
Exploits 0 | References 10

Nextcloud
added 2021/10/25 11:49 a.m. | 56 views

File Traversal affecting SVG files on Nextcloud Server

None...

8.8 CVSS | 6.3 AI score | 0.00867 EPSS
Exploits 0 | References 2 | Affected Software 1

Nextcloud
added 2021/10/25 11:0 a.m. | 33 views

File path disclosure of shared files in Richdocuments application

None...

5.3 CVSS | 5.6 AI score | 0.0035 EPSS
Exploits 0 | References 2 | Affected Software 1

Nextcloud
added 2021/10/25 11:0 a.m. | 32 views

XSS in Contacts

None...

6.4 CVSS | 5.6 AI score | 0.00282 EPSS
Exploits 0 | References 1 | Affected Software 1

Nextcloud
added 2021/10/25 10:59 a.m. | 36 views

Bypass of image blocking in Nextcloud Mail

None...

3.5 CVSS | 4.9 AI score | 0.00264 EPSS
Exploits 0 | References 2 | Affected Software 1

SonarSource Blog
added 2021/10/21 12:0 a.m. | 13 views

Meet the new project experience for SonarCloud

We are very pleased to announce that we have released a new project experience. It’s now available in SonarCloud for all users. You’ll notice a few improvements the next time you open SonarCloud. We’re going to tell you more about what this makeover is about in this article. You may be wondering...

7.4 AI score
Exploits 0

OSV
added 2021/10/19 3:28 p.m. | 20 views

GHSA-PVV8-8FX9-H673 Path Traversal in @backstage/plugin-scaffolder-backend

Impact A malicious actor could read sensitive files from the environment where Scaffolder tasks are run. The attack is executed by crafting a custom Scaffolder template with a publish:github:pull-request action using a particular source path. When the template is executed the sensitive files woul...

6.8 CVSS | 5.5 AI score | 0.00626 EPSS
Exploits 0 | References 5

Github Security Blog
added 2021/10/19 3:28 p.m. | 39 views

Path Traversal in @backstage/plugin-scaffolder-backend

Impact A malicious actor could read sensitive files from the environment where Scaffolder tasks are run. The attack is executed by crafting a custom Scaffolder template with a publish:github:pull-request action using a particular source path. When the template is executed the sensitive files woul...

6.8 CVSS | 1.6 AI score | 0.00626 EPSS
Exploits 0 | References 5 | Affected Software 1

NVD
added 2021/10/18 9:15 p.m. | 12 views

CVE-2021-41151

Backstage is an open platform for building developer portals. In affected versions, a malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a github:publish:pull-request action and a...

6.8 CVSS | 0.00626 EPSS
Exploits 0 | References 2

OSV
added 2021/10/18 9:15 p.m. | 16 views

CVE-2021-41151

Backstage is an open platform for building developer portals. In affected versions, a malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a github:publish:pull-request action and a...

4.9 CVSS | 4.9 AI score
Exploits 0 | References 2

CNNVD
added 2021/10/18 12:0 a.m. | 3 views

backstage path traversal vulnerability

backstage is a software application. Backstage is an open platform for building developer portals Backstage suffers from a path traversal vulnerability that stems from the ability to read sensitive files from an environment running Scaffolder Tasks. The attack is executed by crafting a custom...

6.8 CVSS | 5.4 AI score | 0.00626 EPSS
Exploits 0 | References 3

Kitploit
added 2021/10/03 8:30 p.m. | 26 views

AutomatedLab - A Provisioning Solution And Framework That Lets You Deploy Complex Labs On HyperV And Azure With Simple PowerShell Scripts

AutomatedLab AL enables you to setup test and lab environments on Hyper-v or Azure with multiple products or just a single VM in a very short time. There are only two requirements you need to make sure: You need the DVD ISO images and a Hyper-V host or an Azure subscription. Requirements Apart fr...

8.3 AI score
Exploits 0 | References 15

Kitploit
added 2021/09/24 11:30 a.m. | 37 views

Reconky - A Great Content Discovery Bash Script For Bug Bounty Hunters Which Automate Lot Of Task And Organized It

Reconky is a script written in bash to automate the task of recon and information gathering. This Bash Script allows you to collect some information that will help you identify what to do next and where to look for the required target. Usage ./reconky.sh Main-Features It will Gathers Subdomains wi...

7 AI score
Exploits 0 | References 3

The Hacker News
added 2021/09/16 1:38 p.m. | 32 views

Travis CI Flaw Exposes Secrets of Thousands of Open Source Projects

Continuous integration vendor Travis CI has patched a serious security flaw that exposed API keys, access tokens, and credentials, potentially putting organizations that use public source code repositories at risk of further attacks. The issue — tracked as CVE-2021-41077 — concerns unauthorized...

7.5 CVSS | 7.6 AI score | 0.00426 EPSS
Exploits 0

CVE
added 2021/09/09 9:0 p.m. | 61 views

CVE-2021-32724

CVE-2021-32724 affects the GitHub Action check-spelling (check-spelling/check-spelling). In workflows that run on pull_request_target or schedule, a crafted PR can cause exposure of the GITHUB_TOKEN, enabling the attacker to push commits with repository-level access and potentially exfiltrate sec...

9.9 CVSS | 9.5 AI score | 0.00324 EPSS
Exploits 0 | References 2 | Affected Software 1

UbuntuCve
added 2021/09/08 9:15 p.m. | 29 views

CVE-2021-40812

The GD Graphics Library aka LibGD through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks...

6.5 CVSS | 6.4 AI score | 0.00139 EPSS
Exploits 0 | References 3

OpenVAS
added 2021/09/08 12:0 a.m. | 18 views

Docker < 1.8.3 Multiple Vulnerabilities

Docker is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS | 6.5 AI score | 0.01596 EPSS
Exploits 0 | References 1

Nextcloud
added 2021/09/06 8:38 a.m. | 38 views

Bypass of Two Factor Authentication

None...

8.1 CVSS | 7.8 AI score | 0.00327 EPSS
Exploits 0 | References 2 | Affected Software 1

Nextcloud
added 2021/09/06 8:37 a.m. | 40 views

Exceptions may have logged Encryption-at-Rest key content

None...

5.5 CVSS | 5.5 AI score | 0.00062 EPSS
Exploits 0 | References 2 | Affected Software 1

Nextcloud
added 2021/09/06 8:37 a.m. | 43 views

Lack of ratelimit on Richdocuments OCS endpoint

None...

5.3 CVSS | 5.6 AI score | 0.00384 EPSS
Exploits 0 | References 2 | Affected Software 1