Latest News

Failing to properly encode user input, the CSS styled content component is susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or JavaScript.

All XML processing within the TYPO3 CMS are vulnerable to XEE processing. This can lead to load internal and/or external (file) content within an XML structure. Furthermore it is possible to inject arbitrary files for an XML Denial of Service attack. For more information on that topic see https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing.

Failing to properly encode incoming data, the bookmark toolbar is susceptible to Cross-Site Scripting.

Progress Software has rolled out updates to address a critical security flaw impacting the Telerik Report Server that could be potentially exploited by a remote attacker to bypass authentication and create rogue administrator users. The issue, tracked as CVE-2024-4358, carries a CVSS score of 9.8 out of a maximum of 10.0. "In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or

PowerVR suffers from an issue where DevmemXIntMapPages() allows mapping sDevZeroPage/sDummyPage without holding reference.

Red Hat Security Advisory 2024-3576-03 - New images are available for Red Hat build of Keycloak 24.0.5 and Red Hat build of Keycloak 24.0.5 Operator, running on OpenShift Container Platform.

Red Hat Security Advisory 2024-3575-03 - An update is now available for Red Hat build of Keycloak.

Red Hat Security Advisory 2024-3574-03 - New Red Hat build of Keycloak 22.0.11 packages are available from the Customer Portal.

Red Hat Security Advisory 2024-3573-03 - New images are available for Red Hat build of Keycloak 22.0.11 and Red Hat build of Keycloak 22.0.11 Operator, running on OpenShift Container Platform.

Red Hat Security Advisory 2024-3572-03 - A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.