Security Bulletin: Multiple VMWare Tanzu Spring Vulerabilities Affects IBM OpenPages with Watson (CVE-2022-22968, CVE-2022-22970, CVE-2022-22971)
## Summary Spring Framework open source library is used by IBM OpenPages with Watson. Multiple vulnerabilties are being disclosed from Spring Framework within this bulletin. These vulnerabilities are ...
Continue Reading
July 28, 2023
CVE-2023-0958
Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_insta ...
Continue Reading
July 28, 2023
CVE-2023-3977
Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is ca ...
Continue Reading
July 28, 2023
CVE-2023-3670
In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to plac ...
Continue Reading
July 28, 2023
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 17, 2023 to July 23, 2023)
Last week, there were 62 vulnerabilities disclosed in 1035 WordPress Plugins and 90 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulner ...
Continue Reading
July 27, 2023
CVE-2023-3957
The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apg_profile_update' function in versions up to, and inclu ...
Continue Reading
July 27, 2023
Internet Bug Bounty: [CVE-2023-22799] Possible ReDoS based DoS vulnerability in GlobalID
I made a report and patch at https://hackerone.com/reports/1696752. https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127 > There is a possible D ...
Continue Reading
July 27, 2023
Incorrect Permission Assignment
gitlab is vulnerable to Incorrect Permission Assignment. The vulnerability exists due to improper access control in the library, which allows an attacker to edit the approval rules via the API by an u ...
Continue Reading
July 27, 2023
Denial Of Service (DoS)
gitlab is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the lack of length validation of the library, which allows an attacker to create large issue descriptions via GraphQL, ...
Continue Reading
July 27, 2023
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in gRPC
## Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of gRPC. ## Vulnerability Details ** CVEID: **[CVE-2023-32732]() ** DESCRIPTION: **gRPC is vulnerable ...
Continue Reading
July 27, 2023
