The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/conf ...
May 02, 2024
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the contain ...
May 02, 2024
Security Advisory Description CVE-2024-22245 Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious ...
May 02, 2024
Security Advisory Description pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerabi ...
May 02, 2024
In the words of Sun Tzu, 'In the midst of chaos, there is also opportunity.' This aptly captures the essence of today's cybersecurity landscape. Managed Security Service Providers (MSSP ...
May 02, 2024
The C2 Cloud is a robust web-based C2 framework, designed to simplify the life of penetration testers. It allows easy access to compromised backdoors, just like accessing an EC2 instance in the AWS cl ...
May 02, 2024
In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these laye ...
May 02, 2024
librespeed/speedtest is an open source, self-hosted speed test for HTML5. In affected versions missing neutralization of the ISP information in a speedtest result leads to stored Cross-site scripting ...
May 02, 2024