4 matches found
CVE-2024-27105
CVE-2024-27105 affects Frappe before versions 14.66.3 and 15.16.0. The issue allows bypassing file permissions via certain endpoints, enabling less-privileged users to delete or clone files. A patch is included in 14.66.3 and 15.16.0. No workarounds are documented. Remediate by upgrading to 14.66...
CVE-2024-26144
Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain...
Golang Worm Widens Scope to Windows, Adds Payload Capacity
A new version of a known malware campaign aimed at installing cryptominers has changed up its tactics, adding attacks on Windows servers and a new pool of exploits to its bag of tricks. It is also swiftly evolving to position itself as a backdoor for downloading future, more damaging malware,...
Ruby on Rails Patches DoS, XSS Vulnerabilities
The developers of Ruby on Rails, the popular web app framework, released four new versions of the product yesterday, complete with fixes for a series of vulnerabilities that could have led to denial of service attacks and XSS injections. Four vulnerabilities in total are addressed in versions...