20,000 WordPress Sites Affected by Remote Code Execution Vulnerability in Bit File Manager WordPress Plugin
📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 14th, researchers can earn up to $31,200 for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, an...
CVE-2024-43874
CVE-2024-43874 affects the Linux kernel crypto CCP/SEV path. The vulnerability is a NULL pointer dereference in __sev_snp_shutdown_locked triggered when psp_device or sev_device are uninitialized due to DEBUG_TEST_DRIVER_REMOVE. The fix returns early from __sev_snp_shutdown_locked() if these stru...
PT-2024-5808 · Google +5 · Google Chrome +5
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 128.0.6613.84; Microsoft Edge (affected versions not specified). Description: A heap buffer overflow in the Fonts component of Google Chrome and Microsoft Edge allows a remote attacker to potentially exploit heap...
m.circulation.or.kr Open Redirect vulnerability OBB-3958086
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
UBUNTU-CVE-2024-43829
In the Linux kernel, the following vulnerability has been resolved: drm/qxl: Add check for drm_cvt_mode. Add check for the return value of drm_cvt_mode() and return the error if it fails in order to avoid NULL pointer dereference...
CVE-2024-28986
SolarWinds Web Help Desk
CVE-2024-42071 affecting package kernel for versions less than 5.15.162.2-1
CVE-2024-42071 affecting package kernel for versions less than 5.15.162.2-1. A patched version of the package is available...
tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users
Impact: Low permission users using the "Set .dme Path" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via tgstation-server requiring a separate,...
clarisoft.com Cross Site Scripting vulnerability OBB-3950617
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
UBUNTU-CVE-2024-41110
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being...
CVE-2024-20971 affecting package mysql for versions less than 8.0.36-1
CVE-2024-20971 affecting package mysql for versions less than 8.0.36-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-20967 affecting package mysql for versions less than 8.0.36-1
CVE-2024-20967 affecting package mysql for versions less than 8.0.36-1. An upgraded version of the package is available that resolves this issue...
Important: ecs-service-connect-agent
Issue Overview: dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the nlohmann JSON library. However, due to the way the JSON library is invoked, it throws a...
Security update for global (important)
openSUSE Security Update: Security update for global. Announcement ID: openSUSE-SU-2024:0210-1; Rating: important; References: 1226420; Cross-References: CVE-2024-38448; Affected Products: openSUSE Backports SLE-15-SP5. An update that fixes one vulnerability is now available. Description: This update f...
Medium: python3.11-setuptools
Issue Overview: A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution
Summary: Salesforce tough-cookie is used by IBM App Connect Enterprise Certified Container for handling cookies. IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in...
CGA-Q5CF-973W-VVM9
Bulletin has no description...
CGA-P68W-CM49-2VR4
Bulletin has no description...
CGA-8R26-2374-XP5J
Bulletin has no description...
CGA-5GJX-8HCR-V9R6
Bulletin has no description...