Impact
Under some circumstances, the Feeds widget on the dashboard could have an XSS vulnerability if a malformed feed was supplied.
Patches
This has been patched in Craft 3.7.29.
References

https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#37…

Impact
The default value for the CORS_ENABLED and CORS_ORIGIN configuration was set to be very permissive by default. This could lead to unauthorized access in uncontrolled environments when the configuration hasn’t been changed.
Patches
The default va…

Impact
Unauthorized JavaScript can be executed by inserting an iframe into the rich text html interface that links to a file uploaded HTML file that loads another uploaded JS file in its script tag. This satisfies the regular content security policy he…

Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, an…

NOTE: A previous patch, 1.4.2, fixed the heap memory issue, but could still lead to a DoS infinite loop. Please update to version 1.4.3
The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corrupti…

A “cybersecurity incident” targeting the retailer has caused issues with tills, restocking stores and making online deliveries.

It’s nicely designed and built, well priced and very capable, but the OnePlus 10 Pro doesn’t stand out from the affordable-flagship crowd as much as last year’s model.

愛猫・愛犬をお風呂に入れたあとの乾燥は、ペットにとっても人間にとっても大変なストレスになる。そんなス…