Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CMSMS 2.2.19 Arbitrary File Upload

CMSMS version 2.2.19 suffers from an arbitrary file upload vulnerability.

Packet Storm
#vulnerability#web#mac#git#rce#auth
New Xamalicious Backdoor Infects 25 Android Apps, Affects 327K Devices

By Waqas Despite Google's proactive removal of these apps, the threat persists through third-party markets, compromising over 327,000 devices globally. This is a post from HackRead.com Read the original post: New Xamalicious Backdoor Infects 25 Android Apps, Affects 327K Devices

GHSA-crwj-2r3c-gx2g: Apache InLong Manager Arbitrary File Read Vulnerability

Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.9.0, the attackers can make a arbitrary file read attack using mysql driver. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it. [1]  https://github.com/apache/inlong/pull/9331

GHSA-9xg9-hh45-xcm6: Apache InLong Manager Remote Code Execution vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9329

5 Ways to Reduce SaaS Security Risks

As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based threats, and according to a recent report from CrowdStrike, 80% of breaches today use compromised

SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails

A new exploitation technique called Simple Mail Transfer Protocol (SMTP) smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security measures. "Threat actors could abuse vulnerable SMTP servers worldwide to send malicious emails from arbitrary email addresses, allowing targeted phishing attacks," Timo Longin, a senior security

GHSA-4rrv-8gcp-24v8: PaddlePaddle stack overflow in paddle.searchsorted

Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.

GHSA-3cr5-2446-8pg3: PaddlePaddle command injection in convert_shape_compare

PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system.

GHSA-g57v-2687-jx33: PaddlePaddle stack overflow in paddle.linalg.lu_unpack

Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.

GHSA-rg9q-m8hv-xxr6: PaddlePaddle floating point exception in paddle.lerp

FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.