Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

Statamic CMS Cross Site Scripting

Statamic CMS versions prior to 4.46.0 and 3.4.17 suffer from multiple persistent cross site scripting vulnerabilities.

Packet Storm
#xss#csrf#vulnerability#web#js#git#java#perl#auth
Red Hat Security Advisory 2024-0778-03

Red Hat Security Advisory 2024-0778-03 - An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, improper authorization, information leakage, insecure permissions, and open redirection vulnerabilities.

Red Hat Security Advisory 2024-0777-03

Red Hat Security Advisory 2024-0777-03 - An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.14. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, information leakage, and open redirection vulnerabilities.

GHSA-4fp6-574p-fc35: Mattermost Jira Plugin vulnerable to Cross-Site Request Forgery

Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message.

Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products

Cisco, Fortinet, and VMware have released security fixes for multiple security vulnerabilities, including critical weaknesses that could be exploited to perform arbitrary actions on affected devices. The first set from Cisco consists of three flaws – CVE-2024-20252 and CVE-2024-20254 (CVSS score: 9.6) and CVE-2024-20255 (CVSS score: 8.2) – impacting Cisco Expressway Series that could allow an

Cacti pollers.php SQL Injection / Remote Code Execution

This Metasploit exploit module leverages sql injection and local file inclusion vulnerabilities in Cacti versions prior to 1.2.26 to achieve remote code execution. Authentication is needed and the account must have access to the vulnerable PHP script (pollers.php). This is granted by setting the Sites/Devices/Data permission in the General Administration section.

WhatsUp Gold 2022 22.1.0 Build 39 Cross Site Scripting

WhatsUp Gold 2022 version 22.1.0 Build 39 suffers from a persistent cross site scripting vulnerability.

Proxmox VE 7.4-1 TOTP Brute Force

Proxmox VE versions 5.4 through 7.4-1 suffer from a TOTP brute forcing vulnerability.

Grocy 4.0.2 Cross Site Request Forgery

Grocy versions 4.0.2 and below suffer from a cross site request forgery vulnerabilities.

GHSA-2cjh-75gp-34gc: livewire Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function.