Auth. Bypass and API Keys Disclosure vulnerability discovered by Francesco Carlucci in the WordPress Clerk plugin (versions Read More ...

Continue Reading

November 15, 2022

Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's C API implementation where the definition of the `wasmtime_trap_code` does not match its declared ...

Continue Reading

November 15, 2022

Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific version of the Plesk product: version numbers were used throu ...

Continue Reading

November 15, 2022

[![Malicious PyPI Package](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiDKozAAVrzxcnQaY1nyeIo-yfxeHUDxcmpI3Behh3zOv7ZFFLHxBky2gkeEeCK27p6iknqlu3KL2Q0ukHsudjjZxrwBZUZPd1QwrPyg3aOMPqoT9b0A ...

Continue Reading

November 15, 2022

The latest quarterly review and analysis of API vulnerabilities and exploits is in. Our initial take had us thinking it was smooth sailing for the state of API vulnerabilities in Q3—or was it jus ...

Continue Reading

November 15, 2022

A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Mod ...

Continue Reading

November 15, 2022

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Mo ...

Continue Reading

November 15, 2022

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterpr ...

Continue Reading

November 15, 2022