CVE-2021-24950

Read Time:23 Second

The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in the insight_customizer_options_import (available to any authenticated user), does not validate user input before passing it to unserialize(), nor sanitise and escape it before outputting it in the response. As a result, it could allow users with a role as low as Subscriber to perform PHP Object Injection, as well as Stored Cross-Site Scripting attacks

USN-7461-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...

April 24, 2025

USN-7460-1: Linux kernel (Azure FIPS) vulnerabilities

Jann Horn discovered that the watch_queue event notification subsystem in the Linux kernel contained an out-of-bounds write vulnerability. A local...

April 24, 2025

USN-7459-1: Linux kernel (Intel IoTG) vulnerabilities

Jann Horn discovered that the watch_queue event notification subsystem in the Linux kernel contained an out-of-bounds write vulnerability. A local...

April 24, 2025

USN-7458-1: Linux kernel (IBM) vulnerabilities

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker...

April 24, 2025

USN-7457-1: OpenSSH vulnerability

It was discovered that OpenSSH incorrectly handled the DisableForwarding directive. The directive would fail to disable X11 and agent forwarding,...

April 24, 2025

rust-hickory-proto-0.24.4-1.fc42

FEDORA-2025-99f0d93d68 Packages in this update: rust-hickory-proto-0.24.4-1.fc42 Update description: Update to version 0.24.4. Also contains fixes for RUSTSEC-2025-0006. Read More

April 24, 2025

Blue Shield of California Data Breach Affects 4.7 Million Members

Highest-Risk Security Flaw Found in Commvault Backup Solutions

Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks

Ransomware Attacks Fall Sharply in March

ETSI Unveils New Baseline Requirements for Securing AI

Ofcom Lays Down the Law with Child Safety Rules for Tech Giants

Smashing Security podcast #414: Zoom.. just one click and your data goes boom!

From Fast to Smart: Rethinking Incident Response Metrics

DOGE Worker’s Code Supports NLRB Whistleblower

USN-7461-1: Linux kernel vulnerabilities

USN-7460-1: Linux kernel (Azure FIPS) vulnerabilities

USN-7459-1: Linux kernel (Intel IoTG) vulnerabilities

USN-7458-1: Linux kernel (IBM) vulnerabilities

USN-7457-1: OpenSSH vulnerability

rust-hickory-proto-0.24.4-1.fc42