16 matches found
Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management for Kubernetes v2.15.2 security update
Red Hat Advanced Cluster Management for Kubernetes 2.15 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. Red Hat Advanced Cluster Management for Kubernetes 2.15 images Red Hat Advanced Cluster Management for Kubernetes provides...
Active Debug Code
Overview: putyourlightson/craft-sprig is a reactive Twig component framework for Craft. Affected versions of this package are vulnerable to Active Debug Code in the Sprig Playground component. An administrator can access sensitive information, such as security keys, credentials, and configurati...
GHSA-M59H-42JF-CPHR Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground
Admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other sensitive configuration data, in addition to running the hashData signing function. This issue was mitigated in versions 3.7.2 and 2.15.2 by disabling...
EUVD-2024-0835
Malicious code in bioql PyPI...
DotWallet App security vulnerability
DotWallet App is a digital asset wallet application from China-based DotWallet. A security vulnerability exists in DotWallet App version 2.15.2, which stems from improper export of AndroidManifest.xml...
WordPress plugin Offsprout Page Builder authorization issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. An authorization issue...
WordPress plugin Bit Form input validation error vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An input validation error...
WordPress plugin Shortcodes and extra features for Phlox theme security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2024-2218
Name of the Vulnerable Software and Affected Versions: Go SDK for CloudEvents versions prior to 2.15.2. Description: The issue is related to the cloudevents.WithRoundTripper function in the Go SDK for CloudEvents, which causes the SDK to leak credentials to arbitrary endpoints when used with an...
GHSA-9X43-5QCQ-H79Q Django Grappelli Open Redirect vulnerability
views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack...
FasterXML jackson-databind code issue vulnerability
FasterXML jackson-databind is a Java-based library from FasterXML for converting between data formats such as XML and JSON and Java objects. Jackson can easily convert Java objects into JSON objects and XML documents, and likewise convert JSON and XML into Java...
CVE-2023-32981
An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content...
PYSEC-2022-13
Wagtail is a Django based content management system focused on flexibility and user experience. When notifications for new replies in comment threads are sent, they are sent to all users who have replied or commented anywhere on the site, rather than only in the relevant threads. This means that ...
Torchbox Wagtail information disclosure vulnerability
Torchbox Wagtail is an open source content management system (CMS) from Torchbox UK. A security vulnerability exists in Torchbox Wagtail, a Django-based content management system focused on flexibility and user experience. When notifications of new replies are sent in comment threads, they are sent...
io.fabric8.funktion.connector:connector-rabbitmq (>=1.1.9 <=1.1.55), io.github.koustavtub:snsmockjava_2.12 (>=0.4.1 <=0.4.1.0) +4 more potentially affected by CVE-2020-11972 via org.apache.camel:camel-rabbitmq (>=2.15.2 <=2.25.0)
org.apache.camel:camel-rabbitmq MAVEN version =2.15.2, =1.1.9, =0.4.1, =2.18.0, =1.0.0, =2.4.8, =2.5.4 Source cves: CVE-2020-11972 Source advisory: OSV:GHSA-2X6R-7427-95CM...
Design/Logic Flaw
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job resul...