#perl

### Impact the ecrecover precompile does not fill the output buffer if the signature does not verify, see https://github.com/ethereum/go-ethereum/blob/b058cf454b3bdc7e770e2b3cec83a0bcb48f55ee/core/vm/contracts.go#L188. however, the ecrecover builtin will still return whatever is at memory location 0. this means that the if the compiler has been convinced to write to the 0 memory location with specially crafted data (generally, this can happen with a hashmap access or immutable read) just before the ecrecover, a signature check might pass on an invalid signature. ### Patches v0.3.10 ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ ### References _Are there any links users can visit to find out more?_

### Impact An authenticated user can download a debug or artifact bundle from arbitrary organizations and projects with a known bundle ID. The user does not need to be a member of the organization or have permissions on the project. ### Patches A patch was issued to ensure authorization checks are properly scoped on requests to retrieve debug or artifact bundles. Authenticated users who do not have the necessary permissions on the particular project are no longer able to download them. **Sentry SaaS users do not need to take any action. [Self-Hosted Sentry](https://github.com/getsentry/self-hosted) users should upgrade to version 23.5.2 or higher.** ### References - [Restrict file downloads to Project](https://github.com/getsentry/sentry/pull/49680)

WordPress WP Brutal AI plugin versions prior to 2.0.0 suffer from cross site request forgery and remote SQL injection vulnerabilities.

WordPress PrePost SEO plugin versions 3.0 and below suffer from a persistent cross site scripting vulnerability.

WordPress Login Configurator plugin version 2.1 and below suffer from a cross site scripting vulnerability.

WordPress Page Builder KingComposer plugin version 2.9.6 suffers from a cross site scripting vulnerability.

By Deeba Ahmed Researchers at the AI-powered Security solutions provider, FortiGuard Labs, have been monitoring Microsoft Message Queuing (MSMQ) service for… This is a post from HackRead.com Read the original post: Critical Flaws Exposed Microsoft Message Queuing Service to DoS Attacks

Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.

Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of the process running Pandoc. It only affects systems that pass untrusted user input to Pandoc and allow Pandoc to be used to produce a PDF or with the --extract-media option. NOTE: this issue exists because of an incomplete fix for CVE-2023-35936 (failure to properly account for double encoded path names).

An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.836. During client installation and repair, a PrinterLogic binary is called by the installer to configure the device. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full SYSTEM command prompt window. This results in complete compromise via arbitrary SYSTEM code execution (elevation of privileges).