An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled.
This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.
Published at: May 28, 2020 at 05:15PM
View on website
In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links.
This has been fixed in 1.2.1.
Published at: May 28, 2020 at 05:15PM
View on website
node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1.
Published at: May 28, 2020 at 03:15PM
View on website
Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P.
Published at: May 28, 2020 at 03:15PM
View on website
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).
Published at: May 28, 2020 at 10:15AM
View on website
Educ Arte Económico 