An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequen ...
Continue Reading
May 25, 2023
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, becaus ...
Continue Reading
May 25, 2023
When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all aut ...
Continue Reading
May 25, 2023
Last week, there were 82 vulnerabilities disclosed in 59 WordPress Plugins and 11 WordPress themes, along with 6 in WordPress Core, that have been added to the Wordfence Intelligence Vulnerability Dat ...
Continue Reading
May 25, 2023
IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access to the API, resulting in the disclosure of sensitive information.Read More ...
Continue Reading
May 25, 2023
Saleor Core is a composable, headless commerce API. Saleor's `validate_hmac_signature` function is vulnerable to timing attacks. Malicious users could abuse this vulnerability on Saleor deployments ha ...
Continue Reading
May 25, 2023
[]() An unnamed government entity associated with the ...
Continue Reading
May 25, 2023
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Pikabot, a sophisticated backdoor evades analysis with anti-analysis measures like the "sleep" function, u ...
Continue Reading
May 25, 2023
Back to Main
