Tagged: Cybersecurity Alert

The LJUsers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter of the ‘ljuser’ shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output...

The LT Unleashed plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the ‘template’ parameter in the `book` shortcode due to insufficient path sanitization. This...

The High Level Synthesis Compiler i++ command for Windows is vulnerable to a DLL planting vulnerability More information : https://www.altera.com/security/security-advisory/asa-0003

When a user configures the NAS to retrieve UPS status or control the UPS, a non-enforced TLS certificate verification can allow an attacker able to intercept network traffic between the client and server can...

The System Console Utility for Windows is vulnerable to a DLL planting vulnerability More information : https://www.altera.com/security/security-advisory/asa-0002

Uncontrolled Search Path Element vulnerability in Altera High Level Synthesis Compiler on Windows allows Search Order Hijacking.This issue affects High Level Synthesis Compiler: from 19.1 through 24.3. More information : https://www.altera.com/security/security-advisory/asa-0003

When the user set the Notification’s sender to send emails to the SMTP server via msmtp, an improper validated TLS/SSL certificates allows an attacker who can intercept network traffic between the SMTP client and...

Unchecked output buffer may allowed arbitrary code execution in SMM and potentially result in SMM memory corruption. More information : https://www.insyde.com/security-pledge/sa-2025009/

It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React Server Components versions 19.0.2, 19.1.3 and...

SpaceX Starlink Dish devices with firmware 2024.12.04.mr46620 (e.g., on Mini1_prod2) allow administrative actions via unauthenticated LAN gRPC requests, aka MARMALADE 2. The cross-origin policy can be bypassed by omitting a Referer header. In some...

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when creating prompts, JSON requests are sent to define and modify the prompts via PATCH endpoint for prompt groups (/api/prompts/groups/:groupId). However,...

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, there is no handler for JSON parsing errors; SyntaxError from express.json() includes user input in the error message, which gets reflected...

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious...

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.6 and below, the SYSTEM-level service SbieSvc.exe exposes SbieIniServer::RC4Crypt to sandboxed processes. The handler adds a fixed header...