18 matches found
Important: Red Hat Security Advisory: RHACS 4.8.8 security and bug fix update
Updated images are now available for Red Hat Advanced Cluster Security (RHACS), which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...
EUVD-2023-34893
Malicious code in bioql PyPI...
CVE-2024-3267
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_price_list shortcode in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to a phishing attack due to the ExpressJS package (CVE-2024-29041)
Summary ExpressJS is used by IBM DataStage on Cloud Pak for Data as part of the web application framework. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker...
Security Bulletin: Vulnerability in GraphQL Java affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in GraphQL Java has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka...
Security Bulletin: Vulnerability in Protocol Buffers affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in Protocol Buffers has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses...
OPENSUSE-SU-2024:0114-1 Security update for pdns-recursor
This update for pdns-recursor fixes the following issues: - update to 4.8.8: fixes a case when crafted responses can lead to a denial of service in Recursor if recursive forwarding is configured (boo#1223262, CVE-2024-25583) - changes in 4.8.7: If serving stale, wipe CNAME records from cache when ...
CVE-2024-2734
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's AI features in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...
PT-2024-21840 · WordPress · Bold Page Builder
Name of the Vulnerable Software and Affected Versions: Bold Page Builder plugin for WordPress versions up to, and including, 4.8.8 Description: The issue is related to Stored Cross-Site Scripting via the 'Price List' element due to insufficient input sanitization and output escaping on...
PT-2024-21847 · WordPress · Bold Page Builder
Name of the Vulnerable Software and Affected Versions: Bold Page Builder plugin for WordPress versions up to, and including, 4.8.8 Description: The issue is related to Stored Cross-Site Scripting via HTML Tags due to insufficient input sanitization and output escaping on user-supplied attributes...
WordPress Bold Page Builder Plugin <= 4.8.8 is vulnerable to Cross Site Scripting (XSS)
Software: Bold Page Builder; Type: Plugin; Vulnerable versions: <= 4.8.8; Fixed in: 4.8.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3267; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 4cbd847db71a; Credits: stealthcopter; Required...
CVE-2023-50038
There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions...
Zope Information Disclosure Vulnerability (GHSA-8xv7-89vj-q48c)
Zope is prone to an information disclosure vulnerability through Python SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zope:zope...
PT-2023-19504 · Unknown · Textpattern
Name of the Vulnerable Software and Affected Versions: Textpattern version 4.8.8 Description: An arbitrary file upload vulnerability in the plugin upload function allows attackers to execute arbitrary code via a crafted Zip file. Recommendations: For Textpattern version 4.8.8, at the moment, ther...
PT-2023-20824 · Unknown · Textpattern
Name of the Vulnerable Software and Affected Versions: Textpattern versions 4.8.8 and below Description: An arbitrary file upload vulnerability in the upload plugin allows attackers to execute arbitrary code by uploading a crafted PHP file. Recommendations: For Textpattern versions 4.8.8 and belo...
WordPress Email Users plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
WordPress plugin Email Users cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
Textpattern CMS <= 4.8.8 CSRF Vulnerability
Textpattern CMS is prone to a cross-site request forgery (CSRF) vulnerability. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is...