Tag
#git
### TL;DR This vulnerability affects all Kirby sites with enabled `languages` option that might have potential attackers in the group of authenticated Panel users. If you have disabled the `languages` and/or `api` option and don't call any methods in your code that cause a write access to languages (language creation, update or deletion), your site is *not* affected. ---- ### Introduction Kirby allows to restrict the permissions of specific user roles. Users of that role can only perform permitted actions. Permissions for creating and deleting languages have already existed and could be configured, but were not enforced by Kirby's frontend or backend code. A permission for updating existing languages has not existed before the patched versions. So disabling the `languages.*` wildcard permission for a role could not have prohibited updates to existing language definitions. ### Impact The missing permission checks allowed attackers with Panel access to manipulate the language de...
Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware. "These campaigns delivered n-day exploits for which patches were available, but would still be effective against unpatched devices," Google Threat Analysis Group (TAG) researcher Clement
A vulnerability was found in FeehiCMS up to 2.1.1 and classified as critical. This issue affects the function insert of the file /admin/index.php?r=user%2Fcreate. The manipulation of the argument User[avatar] leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
pgAdmin versions 8.4 and below are affected by a remote code execution vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data.
The GiveWP Donation plugin and Fundraising Platform plugin for WordPress in all versions up to and including 3.14.1 is vulnerable to a PHP object injection (POI) flaw granting an unauthenticated attacker arbitrary code execution.
Microsoft Windows IPv6 vulnerability checking proof of concept python script that causes a denial of service. Windows 10 and 11 versions under 10.0.26100.1457 and Server 2016-2019-2022 versions under 10.0.17763.6189 are affected.
Gitea version 1.22.0 suffers from a cross site scripting vulnerability.
Notemark versions 0.13.0 and below suffer from a cross site scripting vulnerability.
Red Hat Security Advisory 2024-6028-03 - An update for git is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.
Red Hat Security Advisory 2024-6027-03 - An update for git is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.