-
Introducing the Reflection Series on CCG’s Technology and National Security Law and Policy Seminar Course
In February 2022, CCG-NLUD will commence the latest edition of its Seminar Course on Technology and National Security Law and Policy (“the Seminar Course”). The Seminar Course is offered to interested 4th and 5th year students who are enrolled in the B.A. LL.B. (Hons.) programme at the National Law University, Delhi. The course is set…
-
Technology and National Security Law Reflection Series Paper 5: Legality of Cyber Weapons Under International Law
Siddharth Gautam* About the Author: The author is a 2020 graduate of National Law University, Delhi. Editor’s note: This post is part of the Reflection Series showcasing exceptional student essays from CCG-NLUD’s Seminar Course on Technology & National Security Law. In the present essay, the author reflects upon the following question: What are cyber weapons?…
-
CVE-2024-9939 – WordPress File Upload Path Traversal Vulnerability
CVE ID : CVE-2024-9939 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read files outside of the originally intended directory. Severity:…
-
CVE-2024-45033 – Apache Airflow Fab Provider Insufficient Session Expiration Remote Authentication Bypass
CVE ID : CVE-2024-45033 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider. This issue affects Apache Airflow Fab Provider: before 1.5.2. When user password has been changed with admin CLI, the sessions for that user have not been cleared, leading to insufficient…
-
CVE-2024-54676 – Apache OpenMeetings Object Deserialization Vulnerability
CVE ID : CVE-2024-54676 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html doesn’t specify white/black lists for OpenJPA this leads to possible deserialisation of untrusted data. Users are recommended to upgrade to…
-
CVE-2024-13186 – Apache MinigameCenter Information Leak
CVE ID : CVE-2024-13186 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more… Go to Source
-
CVE-2024-12855 – AdForest for WordPress AJAX Capability Bypass
CVE ID : CVE-2024-12855 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like ‘sb_remove_ad’ in all versions up to, and including, 5.1.7. This makes it possible for authenticated attackers,…
-
CVE-2024-13185 – Apache MinigameCenter Information Disclosure
CVE ID : CVE-2024-13185 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more… Go to Source
-
CVE-2024-11939 – WordPress Cost Calculator Builder PRO SQL Blind Time-Based Injection
CVE ID : CVE-2024-11939 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The Cost Calculator Builder PRO plugin for WordPress is vulnerable to blind time-based SQL Injection via the ‘data’ parameter in all versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of…
-
CVE-2024-12328 – Elementor MAS WordPress Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2024-12328 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The MAS Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…