Security – Page 3 – Njalla

BTC

—

—

ETH

—

—

SOL

—

—

BNB

—

—

GOLD

—

—

XRP

—

—

DOGE

—

—

ADA

—

—

Security 77 articles

TrueConf zero-day vulnerability turns its own update process into malware delivery channel

[HIGH] Security Advisory: ONNX: TOCTOU arbitrary file read/write in save_external_dat (onnx)

[MEDIUM] Security Advisory: phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure (thorsten/phpmyfaq)

[MEDIUM] Security Advisory: phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding Leads to Stored XSS and Privilege Escalation (thorsten/phpmyfaq)

[HIGH] Security Advisory: NocoBase Has SQL Injection via template variable substitution in workflow SQL node (@nocobase/plugin-workflow-sql)

[HIGH] Security Advisory: EnhancedLinq.Async is Vulnerable to Denial of Service via Transitive Dependency Microsoft.Bcl.Memory (EnhancedLinq.Async)

[CRITICAL] Security Advisory: Juju has Improper TLS Client/Server authentication and certificate verification on Database Cluster (github.com/juju/juju)

[HIGH] Security Advisory: listmonk’s active sessions remain valid after password reset and password change (github.com/knadh/listmonk)

[MEDIUM] Security Advisory: lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit` (lodash, lodash-es, lodash-amd)

[HIGH] Security Advisory: lodash vulnerable to Code Injection via `_.template` imports key names (lodash, lodash-es, lodash-amd)

[HIGH] Security Advisory: mcp-handler has a tool response leak across concurrent client sessions (‘Race Condition’) (mcp-handler)

[CRITICAL] Security Advisory: Payload has Unvalidated Input in Password Recovery Endpoints (payload, @payloadcms/graphql)