Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

GHSA-hhxg-rvc9-8726: camaleon_cms affected by cross site scripting

Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field.

ghsa
Open in Source
#xss#vulnerability#web#auth
Strengthen DevSecOps with Red Hat Trusted Software Supply Chain

As organizations start deploying advanced monitoring capabilities to protect their production environment from cyber attacks, attackers are finding it increasingly difficult to break in and compromise systems. As a result, they are now leveraging alternate approaches to infiltrate systems by secretly injecting malware into the software supply chain. This illicit code allows them to turn a software component into a Trojan horse of sorts, resulting in software infected with malicious code which allows cyber criminals to open the "doors to the kingdom" from the inside.A recent report from BlackBe

ABB Cylon Aspect 3.08.01 (logCriticalLookup.php) Unauthenticated Log Disclosure

The ABB BMS/BAS controller suffers from an unauthenticated log information disclosure vulnerability. An unauthorized attacker can reference the affected page and disclose the webserver's log file containing system information running on the device.

ABB Cylon Aspect 3.08.01 (throttledLog.php) Unauthenticated Log Disclosure

The ABB BMS/BAS controller suffers from an unauthenticated log information disclosure vulnerability. An unauthorized attacker can reference the affected page and disclose the webserver's log file containing system information running on the device.

Samsung Zero-Day Vuln Under Active Exploit, Google Warns

If exploited, bad actors can execute arbitrary code while evading detection thanks to a renamed process.

OPA for Windows Vulnerability Exposes NTLM Hashes

The vulnerability affects all versions prior to v0.68.0 and highlights the risks organizations assume when consuming open source software and code.

The severity of the Elevation of Privilege – Windows Kernel-Mode Driver (CVE-2024-35250) vulnerability has increased

The severity of the Elevation of Privilege – Windows Kernel-Mode Driver (CVE-2024-35250) vulnerability has increased. This vulnerability was fixed as part of the June Microsoft Patch Tuesday. As in the case of the CVE-2024-30090 vulnerability, it was discovered by a researcher with the nickname Angelboy from DEVCORE. And it also affects the Kernel Streaming framework, […]

GHSA-3vpc-4p9p-47hc: curl_cffi bundles a version of libcurl affected by High Severity vulnerability

### Summary curl_cffi is potentially affected by High Severity vulnerability (CVE-2023-38545) in libcurl<8.4.0 ### Details HIGH severity vulnerability in curl and libcurl: [announcement](https://github.com/curl/curl/discussions/12026#discussioncomment-7195548) Details are still unknown, but seems it will be a major issue as it's advertised by curl devs as "_probably the worst curl security flaw in a long time_". A patched version (8.4.0) and details will be published around 06:00 UTC on October 11. curl_cffi wheels on PyPI ship with libcurl 7.84.0 ### PoC [https://inspector.pypi.io/project/curl-cffi/0.5.10b2/packages/56/ae/eb7d39ad234f1f44650b910757d5aa696feff413d327c8328223ce78cb76/curl_cffi-0.5.10b2-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl/curl_cffi/include/curl/curlver.h](https://inspector.pypi.io/project/curl-cffi/0.5.10b2/packages/56/ae/eb7d39ad234f1f44650b910757d5aa696feff413d327c8328223ce78cb76/curl_cffi-0.5.10b2-cp37-abi3-manylinux_2_17_aarch64.manylinux2014...

GHSA-wxw9-6pv9-c3xc: Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out

### Impact During an explicit sign-out, the server session is not fully terminated.