34 matches found
CVE-2026-28476
OpenClaw versions prior to 2026.2.14 contain a server-side request forgery vulnerability in the optional Tlon Urbit extension that accepts user-provided base URLs for authentication without proper validation. Attackers who can influence the configured Urbit URL can induce the gateway to make HTTP...
VaahCMS is vulnerable to XSS through its Avatar Upload endpoint
Cross-Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar method of UserBase.php...
Illicit HuiOne Telegram Market Surpasses Hydra, Hits $24 Billion in Crypto Transactions
The Telegram-based online marketplace known as HuiOne Guarantee and its vendors have cumulatively received at least $24 billion in cryptocurrency, dwarfing the now-defunct Hydra to become the largest online illicit marketplace to have ever operated. The figures, released by blockchain analytics...
CVE-2024-56320
GoCD is a continuous delivery server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the admin "Configuration XML" UI feature, and its associated API. A malicious insider/existing authenticated GoCD user with an existing GoCD...
CVE-2024-56320
GoCD before 24.5.0 is vulnerable to admin privilege escalation via improper authorization of the admin “Configuration XML” UI and related API. An authenticated GoCD user with an existing account can access information intended only for admins or elevate privileges to admin, with exploitation requ...
CVE-2024-56320 GoCD vulnerable to admin privilege escalation by a malicious internal/existing authenticated user
GoCD is a continuous delivery server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the admin "Configuration XML" UI feature, and its associated API. A malicious insider/existing authenticated GoCD user with an existing GoCD...
PT-2025-1147 · Gocd · Gocd
Name of the Vulnerable Software and Affected Versions: GoCD versions prior to 24.5.0 Description: The issue is related to improper authorization of access to the admin "Configuration XML" UI feature and its associated API in the GoCD system, allowing a malicious insider or existing authenticated...
Wrap Up the Year with the Biggest Scope and Rewards Yet: Join the Wordfence Bug Bounty Program End of Year Holiday Extravaganza!
The holidays are here, and so is your chance to earn big while helping secure the WordPress ecosystem! For all submissions to our Bug Bounty Program from November 12, 2024, to December 9, 2024, we’re rolling out our End of Year Holiday Extravaganza promotion to give back to our security...
CVE-2024-29780
In hwbccnsdeprivilege of trusty/user/base/lib/hwbcc/client/hwbcc.c, there is a possible uninitialized stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Why Attackers Target the Gaming Industry
Key Takeaways: The gaming industry is a common target for cyberattacks due to its financial success and vast user base. Volumetric DDoS attacks can disrupt service, distract from more serious attacks, and cause financial damage, especially on sites that offer online multiplayer games or real-time...
Researcher Builds Parler Archive Amid Amazon Suspension
A security researcher said she has scraped and is archiving 99 percent of Parler’s public posts, as the social-media network goes offline following suspensions from Amazon, Apple and Google. Archived content includes public posts from the social-media site. These posts reportedly included Parler...
kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS
A flaw was found in the Linux kernel. The crypto_report function mishandles resource cleanup on error. A local attacker able to induce the error conditions could use this flaw to crash the system. The highest threat from this vulnerability is to system availability...
Zoom Flaw Could Have Allowed Hackers To Crack Meeting Passcodes
A security issue in popular video conferencing platform Zoom was disclosed this week, which could have allowed attackers to crack private meeting passcodes and snoop in on video conferences. The problem, which has already been fixed, stems from Zoom not having any check against repeated incorrect...
Linux kernel resource management error vulnerability (CNVD-2019-42363)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A memory disclosure vulnerability exists in the 'crypto_report' function in the crypto/crypto_user_base.c file in Linux kernel 5.3.11 and earlier versions. An attacker ca...
DEBIAN-CVE-2019-19062
A memory leak in the crypto_report function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg failures, aka CID-ffdde5932042...
XSS Vulnerability in Mailbox 189
189 mailbox is a new type of mailbox for all Internet users, with 380 million registered users. It is ranked among the top three mailboxes in the domestic mailbox industry, only after NetEase and QQ mailboxes. There is an XSS vulnerability in 189 mailbox, which can be exploited by attackers to...
Facebook Could Be Fined Up To $5 Billion Over Privacy Violations
Facebook expects to face a massive fine of up to $5 billion from the Federal Trade Commission (FTC) as the result of an investigation into its privacy policies—that's about one month's revenue for the social media giant. To be clear, the amount of fine is not what the FTC has announced or hinted yet...
Other SD Projects Knowledge Base are accessible through direct link
Summary: If a Customer is only able to access one SD Portal and log in to Confluence, it is actually possible for that Customer to access other SD Project KBs through a Direct URL Link, including navigating the space. Steps to Reproduce: Prepare a JIRA instance that is connected to Confluence...
Google's OSS-Fuzz Finds 1,000 Open Source Bugs
The numbers are in, and judging by them, OSS-Fuzz, the program Google unveiled last December to continuously fuzz open source software, has been a success. In five months the effort has unearthed more than 1,000 bugs, a quarter of them potential security vulnerabilities, Google says. OSS-Fuzz,...
Valve Patches Trivial XSS Bug in Steam
Valve Corp. has patched a cross-site scripting vulnerability on its popular Steam gaming platform that could be exploited by viewing a maliciously crafted profile. The flaw could allow an attacker to carry out phishing attacks or execute malicious scripts just by opening a crafted profile page. ...