#ruby

Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can prevent the defer queue from proceeding promptly on sites hosted in the same multisite installation. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability. Users of multisite configurations should upgrade.

Buzzy News Viral Lists Polls and Videos version 2.5.1 appears to leave default credentials installed after installation.

North Korean nation-state actors affiliated with the Reconnaissance General Bureau (RGB) have been attributed to the JumpCloud hack following an operational security (OPSEC) blunder that exposed their actual IP address. Google-owned threat intelligence firm Mandiant attributed the activity to a threat actor it tracks under the name UNC4899, which likely shares overlaps with clusters already

WordPress Page Builder KingComposer plugin version 2.9.6 suffers from a cross site scripting vulnerability.

REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.

CMS Ultimate Solutions DreamSus version 1.4 suffers from a remote shell upload vulnerability.

WordPress ChurcHope Responsive Themes version 4.7.x suffers from a directory traversal vulnerability.

CMS NEXIN version 2.0 appears to leave default credentials installed after installation.

Buzzy News Viral Lists Polls and Videos version 2.0 appears to leave default credentials installed after installation.

CMS Nexin Adminisztracios Kozpont version 1.2 appears to leave default credentials installed after installation.