2197 matches found
BIT-SUITECRM-2024-49774 ModuleScanner flaws in SuiteCRM
CVE-2024-49774
CVE-2024-49774 ModuleScanner flaws in SuiteCRM
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) application. To prevent installation of malicious MLPs, SuiteCRM relies on a blacklist of functions and methods, but this check can be bypassed with certain syntax constructions. SuiteCRM uses token_get_all to par...
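The class of weakness these three records describe, illustrated with an added Python example that is not SuiteCRM's code: a scanner walks the token stream (Python's tokenize standing in for PHP's token_get_all) and flags blacklisted NAME tokens. The blacklist, the two sample sources and the function names below are constructed for the illustration and are not the constructions the advisory refers to; the point is only that a name assembled at run time never appears as a NAME token, so a token-level blacklist cannot see it.

```python
import io
import os
import tokenize

# Constructed blacklist for the illustration: names the scanner refuses to see in a package.
BLACKLIST = {"system", "exec", "eval", "popen", "shell_exec"}


def blacklisted_names(source: str) -> list[str]:
    """Token-level scan in the spirit of a token_get_all blacklist.

    Only NAME tokens are compared against the blacklist. String literals,
    operators and comments are different token types, so any construct that
    builds a function or method name at run time is invisible to this check.
    """
    hits = []
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type == tokenize.NAME and tok.string in BLACKLIST:
            hits.append(tok.string)
    return hits


# Constructed sample 1: a direct call. "system" is a NAME token, so it is caught.
DIRECT = "import os\nos.system('id')\n"

# Constructed sample 2: the same call resolved dynamically. The only NAME tokens
# are getattr and __import__; "os" and "system" exist solely inside string
# literals, so the scan returns nothing.
DYNAMIC = "getattr(__import__('o' + 's'), 'sys' + 'tem')('id')\n"


def dynamic_form_is_same_function() -> bool:
    """Confirm the obfuscated expression resolves to the very same function object
    as the direct call, without invoking it (nothing is executed here)."""
    return getattr(__import__("o" + "s"), "sys" + "tem") is os.system


if __name__ == "__main__":
    print("direct  :", blacklisted_names(DIRECT))   # ['system']
    print("dynamic :", blacklisted_names(DYNAMIC))  # []
    print("same fn :", dynamic_form_is_same_function())  # True
```

The practical check a reviewer wants from this: whatever a package scanner flags, run a second sample through it in which every sensitive name is assembled from fragments or looked up by string; if the verdict changes, the scanner is matching spelling, not behaviour, and an allowlist or a sandboxed install is needed rather than a longer blacklist.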
GHSA-5C4W-8HHH-3C3H Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability
A vulnerability was identified in Consul and Consul Enterprise ("Consul") such that using Headers in L7 traffic intentions could bypass HTTP header-based access rules...
MAL-2024-9758 Malicious code in plugin-syntax-unicode-sets-regex (npm)
MAL-2024-9757 Malicious code in plugin-syntax-import-attributes (npm)
[SECURITY] Fedora 39 Update: rust-nu-protocol-0.96.1-3.fc39
Nushell's internal protocols, including its abstract syntax tree...
The vulnerability of the MongoDB Rust Driver lies in its improper handling of syntactically incorrect structures, allowing attackers to execute arbitrary commands.
The vulnerability of the MongoDB Rust Driver is related to improper handling of syntactically incorrect structures. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
openSUSE 15 Security Update : coredns (openSUSE-SU-2024:0319-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0319-1 advisory. Update to version 1.11.3: optimize the performance for high qps 6767 bump deps Fix zone parser error handling 6680 Add alternate option to forwar...
WordPress plugin Appointment Booking Calendar security vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin for the platform. A security vulnerability...
CKEditor < 4.25.0-LTS Multiple Cross-Site Scripting Vulnerabilities
According to its self-reported version number, the CKEditor application running on the remote host is prior to 4.25.0-LTS, or is a 4.22.x release prior to 4.25.0-LTS. It is, therefore, affected by multiple cross-site scripting vulnerabilities: - In the CKEditor 4 Code Snippet GeSHi plugin, the vulnerability allowed a reflected...
MAL-2025-6460 Malicious code in babel-preset-current-node-syntax (PyPI)
Source: kam193 (227436e7c8f26da0ff88db12bd9102d85f9f596cf495b6e9192c634d275a5686). Generic campaign covering all likely research / pentest packages, where the amount or nature of the collected data raises questions about its privacy, security and ethical side. -...
The vulnerability of Apache ZooKeeper, the centralized service for maintaining configuration information, naming, distributed synchronization and group services, is related to improper restriction of operations within the bounds of a memory buffer. This allows attackers to compromise the confidentiality, integrity and availability of protected information.
The vulnerability of Apache ZooKeeper, the centralized service for maintaining configuration information, naming, distributed synchronization and group services, is related to the use of the "cmd:" packet-mode syntax. Exploiting this vulnerability allows a malicious actor to...
ROS-20240826-24
A vulnerability in the pygments/lexers/smithy.py file of the SmithyLexer component of the Pygments syntax highlighter is related to the use of a regular expression with inefficient computational complexity. Exploiting the vulnerability could allow an attacker to cause a denial of service...
CVE-2024-43407
CKEditor 4 is an open-source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in the CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSH...
A vulnerability in the org.xwiki.platform:xwiki-platform-web-war component of the XWiki platform, which is used for creating collaborative web applications, allows an attacker to execute arbitrary code.
The vulnerability of the "org.xwiki.platform:xwiki-platform-web-war" component of the XWiki platform involves errors in data processing during syntax analysis of code. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
ROS-20240815-05
A vulnerability in Apache ZooKeeper, the centralized service for maintaining configuration information and naming and for providing distributed synchronization and group services, is related to the lack of ACL...
CVE-2024-42482
fish-shop/syntax-check is a GitHub Action for syntax-checking fish shell files. Improper neutralization of delimiters in the pattern input, specifically the command separator `;` and the command substitution characters `(` and `)`, means that arbitrary command injection is possible by modification of the input...
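How the delimiter problem in a pattern input plays out, as an added Python example that is not fish-shop/syntax-check's code. POSIX sh stands in for fish, so command substitution is written `$(...)` rather than fish's `(...)`, and printf stands in for the checker so the example runs offline and its output can be compared; check_unsafe, check_safe, is_safe_pattern and the sample patterns are names and inputs constructed here. The unsafe shape splices the pattern into a command string the shell parses; the hardened shape hands the shell a fixed script and passes the pattern as a positional parameter, so it is data, never code.

```python
import re
import subprocess

# Constructed command prefix: the "checker" is printf so the example is offline
# and deterministic. The shell sees:  printf 'checking %s\n' <pattern>
TEMPLATE = "printf 'checking %s\\n' "


def check_unsafe(pattern: str) -> str:
    """Vulnerable shape: the pattern becomes part of the shell command text.

    A ';' in the pattern ends the printf command and starts a second one;
    a '$(...)' in the pattern is executed and its output substituted.
    """
    cmd = TEMPLATE + pattern
    proc = subprocess.run(["sh", "-c", cmd], capture_output=True, text=True)
    return proc.stdout


def check_safe(pattern: str) -> str:
    """Hardened shape: the script text is fixed, the pattern arrives as $1.

    sh -c <script> <argv0> <argv1...> binds the pattern to $1, and the
    double-quoted "$1" inside the script prevents word splitting and globbing,
    so ';' and '$(' are printed literally instead of being interpreted.
    """
    script = "printf 'checking %s\\n' \"$1\""
    proc = subprocess.run(["sh", "-c", script, "sh", pattern],
                          capture_output=True, text=True)
    return proc.stdout


# Belt-and-braces input validation for a glob pattern: letters, digits, '_',
# '.', '/', '-', and the glob metacharacters '*' and '?'. Nothing the shell
# treats as a delimiter or a substitution is allowed.
PATTERN_OK = re.compile(r"[A-Za-z0-9_./*?-]+")


def is_safe_pattern(pattern: str) -> bool:
    """Return True only if the whole pattern matches the allowlist."""
    return PATTERN_OK.fullmatch(pattern) is not None


if __name__ == "__main__":
    # Constructed hostile inputs; the '*' glob is avoided so the output does not
    # depend on files in the current directory.
    for p in ("a.fish; echo INJECTED", "$(echo INJECTED)"):
        print("unsafe:", repr(check_unsafe(p)))
        print("safe  :", repr(check_safe(p)))
        print("allowed by validator:", is_safe_pattern(p))
```

Validation alone is not the fix: the positional-parameter form is what removes the injection, and the allowlist only narrows what reaches it. The same separation applies to the fish case, where the checker should receive the pattern as an argument rather than having it interpolated into a command line that fish parses.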