GHSA-V6MG-7F7P-QMQP apko Exposure of HTTP basic auth credentials in log output
Summary Exposure of HTTP basic auth credentials from repository and keyring URLs in log output Details There was a handful of instances where the apko tool was outputting error messages and log entries where HTTP basic authentication credentials were exposed for one of two reasons: 1. The %s verb...
CVE-2024-28999
CVE-2024-28999 is a race-condition vulnerability in the SolarWinds Platform web console. Public materials (exploit-db, GitHub exploit, Nessus plugin) confirm a login-page race condition affecting SolarWinds Platform 2024.1 SR1 and earlier; several related advisories (Red Hat, ENISA EUVD, NCSC) ...
CVE-2024-37061
MLflow CVE-2024-37061 affects MLflow platforms running version 1.11.0 or newer. A maliciously crafted MLproject can trigger remote code execution on an end user’s system when run. Multiple connected sources corroborate RCE related to MLflow projects input handling, including descriptions and advi...
CVE-2024-4581
CVE-2024-4581 affects the Slider Revolution WordPress plugin (versions up to and including 6.7.11). The vulnerability is a Stored XSS in the Add Layer widget caused by insufficient input sanitization and output escaping for user-supplied class, id, and title attributes. Exploitation requires an A...
CVE-2023-39161
CVE-2023-39161 is a WordPress WP Discussion Board plugin vulnerability affecting versions up to 2.4.8, described as a Content Injection (XSS-related) issue in WordPress Discussion Board. The connected Patchstack entry confirms the fix in version 2.4.9. Base CVSSv3.1 score is 5.4 (Medium); impact ...
CVE-2024-0757
CVE-2024-0757 : The WordPress plugin “Insert or Embed Articulate Content into WordPress” (
CVE-2024-4750
The CVE-2024-4750 entry concerns the BuddyBoss Platform WordPress plugin prior to 2.6.0, where an Insecure Direct Object Reference (IDOR) allows a user to like a private post by manipulating the post ID in the request (id parameter). Multiple sources (Patchstack, PT-Security, WPVulndb, CVE record...
CVE-2024-4462
CVE-2024-4462 concerns the Nafeza Prayer Time WordPress plugin. The description indicates a Stored Cross‑Site Scripting vulnerability in admin settings for all versions up to 1.2.9, caused by insufficient input sanitization and output escaping. The issue affects multisite installations and sites ...
CVE-2024-4870
CVE-2024-4870 affects the WordPress plugin Frontend Registration – Contact Form 7. The vulnerability arises from insufficient restriction on the cf7frr post meta, in versions up to and including 5.1, enabling authenticated attackers with editor-level access and higher to modify the default user r...
CVE-2024-29972
The CVE-2024-29972 issue affects Zyxel NAS326 and NAS542: a command injection vulnerability in the CGI program remote_help-cgi could allow unauthenticated OS command execution via crafted HTTP POST requests. Affected versions are NAS326 < V5.21(AAZF.17)C0 and NAS542
Exploit for OS Command Injection in Proscend M330-W_Firmware
CVE-2022-36779 exploit code for Unauthenticated OS...
CVE-2023-24373
The CVE-2023-24373 entry concerns the WordPress Booking calendar, Appointment Booking System plugin. Affected versions are ≤ 3.2.3, and the root cause is an External Control of Assumed-Immutable Web Parameter that allows bypass by manipulating hidden fields. The vulnerability is categorized as a ...
CVE-2024-31682
CVE-2024-31682 concerns Phone Cleaner: Boost & Clean, version 2.2.0, where an incorrect access control in the fingerprint authentication mechanism allows bypass due to a deprecated API. The CVSSv3.1 base score is 9.8 (CRITICAL), with network attack vector, no privileges required, and user interac...
CVE-2021-3899
CVE-2021-3899 involves a race condition in Apport's replaced-executable detection that, with specific local configuration, could allow a local attacker to run arbitrary code as root. This vulnerability is referenced in multiple advisories (Ubuntu USN-6894-1, Red Hat CVE notes, and Nessus/OSV e...
CVE-2024-36889
In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure sndnxt is properly initialized on connect Christoph reported a splat hinting at a corrupted snduna: WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 mptcpcleanuna+0x4b3/0x620 net/mptcp/protocol.c:1005 Modules...
CVE-2024-23360
CVE-2024-23360 involves a memory corruption issue in LPAC-related components when creating an LPAC client, where the LPAC engine is allowed to access GPU registers. Affected scope is described across multiple sources (NVD, Red Hat, CVE lists) as memory corruption with HIGH impact on confidentiali...
CVE-2023-43556
CVE-2023-43556 describes memory corruption in the Hypervisor when platform information is not aligned. The available connected documents corroborate this vulnerability across multiple sources (NVD, Red Hat CVE entry, CVE list, Vuln Enrichment) with the same description. The materials do not speci...
Advisory ROSA-SA-2024-2430
Software: libvirt 6.0.0 OS: ROSA Virtualization 2.1 packageevrstring: libvirt-6.0.0-28.module+el8.3.0+7827+5e65edd7.src.rpm CVE-ID: CVE-2021-3631 BDU-ID: 2024-02428 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Libvirt virtualization management library is related to the creation of SELinux M...
RHEL 5 : firefox (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Mozilla: Malicious Extension could obtain auth codes from OAuth login flows CVE-2020-6823 - Mozilla Firef...
[SECURITY] Fedora 39 Update: rust-docopt-1.1.1-13.fc39
Command line argument parsing...