
security-advisories

XSS vulnerability in the LiteSpeed Cache plugin for WordPress (CVE-2023-40000)

Advisory No: TZCERT/SA/2024/02/29 Date of First Release: 28th February 2024 Source: securityaffairs Software Affected: LiteSpeed Cache plugin for WordPress Overview: The LiteSpeed Cache plugin for WordPress is affected by a vulnerability tracked as CVE-2023-40000, which allows unauthenticated site-wide stored XSS. A remote attacker can exploit the vulnerability to steal sensitive information or …


Critical Vulnerability in WordPress Bricks Plug-in (CVE-2024-25600)

Advisory No: TZCERT/SA/2024/02/22 Date of First Release: 22nd February 2024 Source: WordPress plugin Bricks Builder Software Affected: Bricks Builder versions 1.9.6 and earlier Overview: WordPress has released security updates to address a critical vulnerability (CVE-2024-25600) impacting their Bricks Builder Plug-in. Successful exploitation of the vulnerability may allow an attacker to …


Revolution Slider Plugin Remote Code Execution (CVE-2023-2359)

Advisory No: TZCERT/SA/2024/02/15 Date of First Release: 15th February 2024 Source: WPScan Software Affected: Revolution Slider Plugin version <= 6.6.12 Overview: The vulnerability exists in the Revolution Slider plugin version <= 6.6.12. Successful exploitation of this vulnerability could allow a remote attacker to execute code on the affected …


Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410)

Advisory No: TZCERT/SA/2024/02/15 Date of First Release: 15th February 2025 Source: Microsoft Software Affected: Microsoft Exchange Server Overview: Microsoft has disclosed a critical security flaw in Exchange Server that is being exploited by malicious actors. Successful exploitation of this flaw may allow an attacker to gain privileges as the victim …


IBM Sterling Control Center vulnerable to denial of service due to Spring Boot and remote code execution due to Spring Framework (CVE-2023-20883 and CVE-2016-1000027)

Advisory No: TZCERT/SA/2024/02/08-2 Date of First Release: 8th February 2024 Source: IBM Software Affected: IBM Sterling Control Center Overview: IBM has disclosed remote code execution vulnerabilities affecting IBM Sterling Control Center. The vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. Description: The vulnerabilities …


Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities (CVE-2024-20252, CVE-2024-20254 and CVE-2024-20255)

Advisory No: TZCERT/SA/2024/02/08-1 Date of First Release: 8th February 2024 Source: Cisco Software Affected: Cisco Expressway Series Overview: Cisco Expressway Series devices are affected by vulnerabilities tracked as CVE-2024-20252, CVE-2024-20254 and CVE-2024-20255, which could allow a remote attacker to perform arbitrary actions via cross-site request forgery against the affected system. Description: Following …


Unified CM and Unity Connection remote code execution and file upload vulnerabilities (CVE-2024-20253 and CVE-2024-20272)

Advisory No: TZCERT/SA/2024/02/02 Date of First Release: 2nd February 2024 Source: Cisco Software Affected: Unified CM, Unified CM SME, Unified CM IM&P and Unity Connection Overview: Unified CM and Unity Connection are affected by vulnerabilities tracked as CVE-2024-20253 which could allow an unauthenticated, remote attacker to execute arbitrary code on …


Apple WebKit Zero-Day vulnerability (CVE-2024-23222)

Advisory No: TZCERT/SA/2024/01/24 Date of First Release: 24th January 2024 Source: Apple Software Affected: Safari 17.3 – For Macs running macOS Monterey and macOS Ventura; iOS 17.3 and iPadOS 17.3 – For iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation …


GitLab Critical Security Release for GitLab Community Edition (CE) and Enterprise Edition (EE)

Advisory No: TZCERT/SA/2024/01/15 Date of First Release: 15th January 2024 Source: GitLab Software Affected: GitLab self-managed instances version 16.1 to 16.1.5, 16.2 to 16.2.8, 16.3 to 16.3.6, 16.4 to 16.4.4, 16.5 to 16.5.5, 16.6 to 16.6.3 and 16.7 to 16.7.1 Overview: GitLab has released security updates to address two critical vulnerabilities (CVE-2023-7028 and CVE-2023-5356), whereby …


Ivanti VPN Zero-Day Vulnerability (CVE-2024-21887 and CVE-2023-46805)

Advisory No: TZCERT/SA/2024/01/15 Date of First Release: 15th January 2024 Source: Ivanti Software Affected: Version 9.x and 22.x Overview: Ivanti has issued an advisory on two critical zero-day vulnerabilities discovered in Ivanti Connect Secure VPN and Ivanti Policy Secure appliances. The vulnerabilities could lead to unauthenticated remote code execution. Description: …
