The Linode Security Team

This week: Confluence Data Center and Server Remote Code Execution, ColdFusion and Open SSH/ssh-agent Remote Code Executions, and Zenbleed.

In this week's digest, we discuss two critical Mastodon vulnerabilities.

This week we discuss vulnerabilities in Hashicorp Vault Cross-site Scripting, Grafana Access Control and Race Condition, and more.

This week we discuss a Linux NetFilter use-after-free Kernel vulnerability, WordPress Core v6.2  XSS/CSRF/Directory Traversal vulnerabilities, and more.

We discuss a WordPress Plugin XSS vulnerability, a cPanel XSS Vulnerability, and a potential information exposure vulnerability in Flask.

We discuss a SvelteKit CSRF protection bypass, a vm2 version sandbox escape, and HashiCorp Nomad/Nomad Enterprise ACL authorization bypasses.

We discuss canceled async Redis commands, a high-severity Elementor Pro access control issue, and sudo replay to create audit trails.

In this week's digest, learn about OAuth authentication, ShadowsocksX-NG, an Apache HTTP server vulnerability and more.

We discuss an XSS vulnerability in phpMyAdmin drag-and-drop upload, a buffer overflow vulnerability in the ClamAV scanning library, and more.

This week, we discuss an OpenSSL security advisory, a vulnerability in OpenSSH Server, and improper session handling in Pi-hole Web.

We discuss how Sudoedit can edit arbitrary files, Drupal and Git security advisories, and a denial of service vulnerability in HAProxy.

This week, we discuss Apache HTTP server vulnerabilities, a Linux Kernel Netfilter Integer Overflow vulnerability, and more.