Latest Vulnerabilities

In the past week, several serious vulnerabilities have been identified in various software and platforms. Wiki.js, KeePassXC, GitHub Enterprise Server, and Trivy are among the affected systems. These vulnerabilities could potentially lead to stored cross-site scripting attacks, authentication bypass, cleartext credential recovery, and even denial of service. Users are advised to update their software to the latest versions to mitigate these risks and protect their data from exploitation by malicious actors.

Wiki.js Stored XSS through Client Side Template Injection
The ibc-go module is affected by the Inter-Blockchain Communication (IBC) protocol "Huckleberry" vulnerability.
go/github.com/cosmos/ibc-go<=1.5.0
go/github.com/cosmos/ibc-go/v2<=2.5.0
go/github.com/cosmos/ibc-go/v3<=3.4.0
go/github.com/cosmos/ibc-go/v4>=4.4.0<4.4.1
go/github.com/cosmos/ibc-go/v4>=4.3.0<4.3.1
go/github.com/cosmos/ibc-go/v4>=4.2.0<4.2.2
and 5 more
An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnera...
Issue in KeePassXC 2.7.7 allows an attacker to recover some passwords stored in the .kdbx database.
KeePassXC 2.7.7 allows attackers to recover cleartext credentials.
Stacklok Minder vulnerable to denial of service from maliciously crafted templates
go/github.com/stacklok/minder<0.0.50
Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created templates. Minder engine uses templating to generate strings for various use ...
go/github.com/stacklok/minder<0.0.50
Trivy possibly leaks registry credential when scanning images from malicious registries
go/github.com/aquasecurity/trivy<0.51.2
Impact: If a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS ...
go/github.com/aquasecurity/trivy<0.51.2
Impact: Users with access to a form's settings can include malicious Twig code into fields that support Twig. These might be the Submission Title or the Success Message. This code will then be exec...
composer/verbb/formie<2.1.6
verbb/formie Server-Side Template Injection for variable-enabled settings
composer/verbb/formie<2.1.6
When making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same origin will continue to ignore cer...
pip/requests<2.32.0
Requests `Session` object does not verify requests after making first request with verify=False
pip/requests<2.32.0
The PHP file view/about.php is vulnerable to an XSS issue due to no sanitization of the user agent. At line [53], the website gets the user-agent from the headers through $_SERVER['HTTP_USER_AGENT'] ...
composer/wwbn/avideo<14.3
A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the `bundle()`, `parse()`, `resolve()`, `dereference()`...
npm/@apidevtools/json-schema-ref-parser>=11.0.0<=11.1.0
A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 allows an attacker to execute arbitrary code via the M function e argument in index.js.
npm/@bit/loader<=10.0.3
A Prototype Pollution issue in Blackprint @blackprint/engine 0.8.12 through 0.9.1 allows an attacker to execute arbitrary code via the `_utils.setDeepProperty` function of `engine.min.js`.
npm/@blackprint/engine>=0.8.12<0.9.2
SolarWinds Platform Reflected XSS Vulnerability
likeshop 2.5.7 is vulnerable to SQL Injection via the getOrderList function.
Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv.
Buffer Overflow vulnerability in Waxlab wax v.0.9-3 and before allows an attacker to cause a denial of service via the Lua library component.
Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv.
smanga 3.2.7 does not filter the file parameter at the PHP/get file flow.php interface, resulting in a path traversal vulnerability that can cause arbitrary file reading.
Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv.
Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv.
Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv.
A vulnerability has been identified in the robrichards/xmlseclibs library, specifically related to XPath injection. The issue arises from inadequate filtering of user input before it is incorporated i...
composer/robrichards/xmlseclibs>=1.0.0<3.0.2
Zoho ManageEngine ADAudit Plus through 7251 allows SQL injection while getting file server details.
Zoho ManageEngine ADAudit Plus through 7251 allows SQL Injection while exporting a full summary report.
Zoho ManageEngine ADAudit Plus through 7251 allows SQL injection in the dashboard graph feature.
The service offered by Pusher provides "private" channels with an authentication mechanism that restricts subscription access. The decision on allowing subscriptions to private channels is delegated t...
composer/pusher/pusher-php-server<2.2.1
Zoho ManageEngine ADAudit Plus through 7251 allows SQL injection while adding file shares.
The limit() query method is susceptible to catastrophic SQL injection with MySQL. For example, given a model User for a table users: `UserQuery::create()->limit('1;DROP TABLE users')->find();` ...
composer/propel/propel1>=1<=1.7.1
Zoho ManageEngine ADAudit Plus through 7251 allows SQL injection in the aggregate reports search option.
The limit() query method is susceptible to catastrophic SQL injection with MySQL. For example, given a model User for a table users: `UserQuery::create()->limit('1;DROP TABLE users')->find();` ...
composer/propel/propel>=2.0.0-alpha1<=2.0.0-alpha7
An issue in Quanxun Huiju Network Technology (Beijing) Co., Ltd IK-Q3000 3.7.10 x64 Build202401261655 allows attackers to cause a Denial of Service (DoS) when attempting to make TCP connections.
Quanxun Huiju Network Technology (Beijing) Co., Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect attack.
Versions preceding 0.6.1 of the phpxmlrpc/extras project are susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability exists within the class documenting_xmlrpc_server when proces...
composer/phpxmlrpc/extras<0.6.1
Description: A user could create and share a resource with a malicious URI. When the victim opens it with the menu "Open URI in a new tab" function, the malicious page has access to the window.opener obje...
composer/passbolt/passbolt_api<2.11.0
Description: An administrator can craft a user with a malicious first name and last name, using a payload such as `<svg onload="confirm(document.domain)">'); ?></svg>` The user will then rece...
composer/passbolt/passbolt_api<2.11.0
ASUS OVPN RCE
Passbolt provides a way for system administrators to generate a PGP key for the server during installation. The wizard requests a username, an e-mail address and an optional comment. No escaping or ve...
composer/passbolt/passbolt_api<2.7.0
Passbolt uses three cookies: a session cookie, a CSRF protection cookie and a cookie to keep track of the multiple-factor authentication process. Both the session cookie and the mfa cookie are proper...
composer/passbolt/passbolt_api<2.7.0
Passbolt sends e-mail to users to warn them about different types of events such as the creation, modification or deletion of a password. Those e-mails may contain user-specified input, such as a passw...
composer/passbolt/passbolt_api<2.7.0
Cisco OpenDNS Pulsing DNS Denial of Service Vulnerability
Summary: Servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a MitM attack. ...
pip/aiosmtpd<1.4.6
Impact: Executing policy checks using custom schematron files invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. Patches: This has been ...
maven/org.verapdf:library-jakarta<1.24.2
maven/org.verapdf:library<1.24.2
maven/org.verapdf:library-arlington<1.25.127
maven/org.verapdf:core-arlington<1.25.127
maven/org.verapdf:core-jakarta<1.24.2
maven/org.verapdf:core<1.24.2