Security
Headlines
HeadlinesLatestCVEs

Tag

#git

GHSA-747v-52c4-8vj8: Contao: Unencoded insert tags in the frontend

### Impact It is possible to inject insert tags via the form generator if the submitted form data is output on the page in a specific way. ### Patches Update to Contao 4.13.40 or 5.3.4. ### Workarounds Do not output the submitted form data on the website. ### References https://contao.org/en/security-advisories/insert-tag-injection-via-the-form-generator ### For more information If you have any questions or comments about this advisory, open an issue in [contao/contao](https://github.com/contao/contao/issues/new/choose).

ghsa
Open in Source
#web#git
GHSA-v24p-7p4j-qvvf: Contao: Cross site scripting in the file manager

### Impact Users can insert malicious code into file names when uploading files, which is then executed in tooltips and popups in the backend. ### Patches Update to Contao 4.13.40 or Contao 5.3.4. ### Workarounds Disable uploads for untrusted users. ### References https://contao.org/en/security-advisories/cross-site-scripting-in-the-file-manager ### For more information If you have any questions or comments about this advisory, open an issue in [contao/contao](https://github.com/contao/contao/issues/new/choose). ### Credits Thanks to Alexander Wuttke for reporting this vulnerability.

EV Charging Stations Still Riddled With Cybersecurity Vulnerabilities

As more electric vehicles are sold, the risk to compromised charging stations looms large alongside the potential for major cybersecurity exploits.

GHSA-qmr3-52xf-wmhx: Apache Zeppelin: LDAP search filter query Injection Vulnerability

Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

GHSA-66j8-c83m-gj5f: Apache Zeppelin remote code execution by adding malicious JDBC connection string

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

GHSA-rrvf-5w4r-3x7v: Apache Zeppelin vulnerable to cross-site scripting in the helium module

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. Attackers can modify `helium.json` and perform cross-site scripting attacks on normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

GHSA-g44m-x5h7-fr5q: Apache Zeppelin: Cron arbitrary user impersonation with improper privileges

Improper Input Validation vulnerability in Apache Zeppelin. The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

The Essential Tools and Plugins for WordPress Development

By Owais Sultan WordPress, a widely used content management system, owes a great deal of its flexibility to plugins. These small… This is a post from HackRead.com Read the original post: The Essential Tools and Plugins for WordPress Development

0G Launches Newton Testnet of Ultra-Scalable Modular AI Blockchain

By Uzair Amir 0G Labs is pleased to unveil the launch of the testnet for 0G, the modular ultra-high data throughput… This is a post from HackRead.com Read the original post: 0G Launches Newton Testnet of Ultra-Scalable Modular AI Blockchain