CVE-2024-54676 [CRITICAL] :

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html doesn't specify white/black lists for OpenJPA this leads to possible deserialisation of untrusted data. Users are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation.

Mosscap

Lakera’s famous Gandalf reinvented for DEF CON. Trick Mosscap into revealing secret information and experience the security limitations of large language models firsthand.

Visit Website

Listed: Fri Jun 28 2024