Hoteldruid v3.0.5 - SQL Injection
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at...
CVSS 9.8 | AI Score 8.2 | EPSS 0.001
Github Enterprise Authenticated Remote Code Execution
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...
CVSS 9.8 | AI Score 8.3 | EPSS 0.066
The Future of Phishing Email Training for Employees in Cybersecurity
By Waqas. Discover the future of phishing email training, including personalized simulations, gamification, AI, and realistic scenarios. Empower your employees to combat evolving cyber threats and protect your organization. This is a post from HackRead.com. Read the original post: The Future of...
AI Score 7.2
Summary WebSphere Application Server (WAS) is shipped as a component of IBM Operations Analytics Predictive Insights. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s) listed in the...
CVSS 7 | AI Score 6.2 | EPSS 0.0004
For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research. They provide a representative snapshot of what we have published.....
AI Score 7.7
Summary There are vulnerabilities in IBM WebSphere Application Server Liberty related packages that are shipped with IBM CICS TX Advanced. The version of IBM WebSphere Application Server Liberty shipped with IBM CICS TX Advanced has been updated to address the applicable issues. Vulnerability...
CVSS 7 | AI Score 7.1 | EPSS 0.0004
Summary There are vulnerabilities in IBM WebSphere Application Server Liberty related packages that are shipped with IBM CICS TX Standard. The version of IBM WebSphere Application Server Liberty shipped with IBM CICS TX Standard has been updated to address the applicable issues. Vulnerability...
CVSS 7 | AI Score 7.1 | EPSS 0.0004
Summary There are vulnerabilities in IBM WebSphere Application Server Liberty related packages that are shipped with IBM TXSeries for Multiplatforms. The version of IBM WebSphere Application Server Liberty shipped with IBM TXSeries for Multiplatforms has been updated to address the applicable...
CVSS 7 | AI Score 7.1 | EPSS 0.0004
Summary There are vulnerabilities in the Administration console shipped with IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has been updated to address the applicable issues. Vulnerability Details CVEID: CVE-2024-22343 DESCRIPTION: IBM TXSeries for Multiplatforms allows...
AI Score 7.2
[SECURITY] [DSA 5684-1] webkit2gtk security update
Debian Security Advisory DSA-5684-1 [email protected] https://www.debian.org/security/ Alberto Garcia May 09, 2024 https://www.debian.org/security/faq Package : webkit2gtk CVE ID : CVE-2023-42843 CVE-2023-42950...
EPSS 0.0004
Security Bulletin: IBM Automation Decision Services - April 2024 -Multiple CVEs addressed
Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2024-31906 DESCRIPTION: IBM Automation...
CVSS 8.2 | AI Score 9.3 | EPSS 0.005
Updated tpm2-tools packages fix security vulnerabilities
A flaw was found in the tpm2-tools package. This issue occurs due to a missing check whether the magic number in attest is equal to TPM2_GENERATED_VALUE, which can allow an attacker to generate arbitrary quote data that may not be detected by tpm2_checkquote (CVE-2024-29038). The pcr selection...
AI Score 7.3
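Added example, not from the advisory or from tpm2-tools: a minimal TPMS_ATTEST quote parser that shows why the missing TPM2_GENERATED_VALUE check matters. A restricted attestation key (AK) will only sign externally supplied data that does not begin with that magic, so an attacker who can drive the AK can get a signature over a fabricated attest body without the magic; a checker that skips the magic test then treats that body as a TPM-produced quote. Structure layout and constants follow TPM 2.0 Library Part 2; build_attest, checkquote and the sample nonce and digest values are constructed for illustration, and AK signature verification is left out.

```python
import hmac
import struct

# TPM 2.0 Library Part 2 constants (spec values; the checker below is an
# illustration written for this page, not the tpm2-tools implementation).
TPM2_GENERATED_VALUE = 0xFF544347   # b"\xffTCG": only the TPM emits this prefix
TPM2_ST_ATTEST_QUOTE = 0x8018
TPM2_ALG_SHA256 = 0x000B


def _tpm2b(buf, off):
    """Read a TPM2B (big-endian UINT16 size followed by that many bytes)."""
    (size,) = struct.unpack_from(">H", buf, off)
    off += 2
    return buf[off:off + size], off + size


def parse_attest(blob, check_magic=True):
    """Parse a TPMS_ATTEST quote. check_magic=False mimics a checker that skips
    the TPM2_GENERATED_VALUE test and therefore accepts host-fabricated data."""
    magic, atype = struct.unpack_from(">IH", blob, 0)
    if check_magic and magic != TPM2_GENERATED_VALUE:
        raise ValueError("magic 0x%08x is not TPM2_GENERATED_VALUE" % magic)
    if atype != TPM2_ST_ATTEST_QUOTE:
        raise ValueError("type 0x%04x is not TPM_ST_ATTEST_QUOTE" % atype)
    off = 6
    signer, off = _tpm2b(blob, off)          # qualifiedSigner (AK name)
    nonce, off = _tpm2b(blob, off)           # extraData (verifier's nonce)
    clock, reset, restart, safe = struct.unpack_from(">QIIB", blob, off)
    off += 17
    (firmware,) = struct.unpack_from(">Q", blob, off)
    off += 8
    # TPML_PCR_SELECTION: count, then {hashAlg UINT16, sizeofSelect UINT8, pcrSelect[]}
    (count,) = struct.unpack_from(">I", blob, off)
    off += 4
    banks = []
    for _ in range(count):
        alg, nsel = struct.unpack_from(">HB", blob, off)
        off += 3
        banks.append((alg, blob[off:off + nsel]))
        off += nsel
    pcr_digest, off = _tpm2b(blob, off)      # TPM2B_DIGEST over the selected PCRs
    if off != len(blob):
        raise ValueError("trailing bytes after TPMS_ATTEST")
    return {"magic": magic, "signer": signer, "nonce": nonce, "clock": clock,
            "reset_count": reset, "restart_count": restart, "safe": safe,
            "firmware": firmware, "pcr_select": banks, "pcr_digest": pcr_digest}


def checkquote(blob, expected_nonce, expected_pcr_digest, check_magic=True):
    """Return True if the attest body is well formed and binds the expected nonce
    and PCR digest. A real verifier also checks the AK signature over the blob."""
    try:
        att = parse_attest(blob, check_magic=check_magic)
    except ValueError:
        return False
    return (hmac.compare_digest(att["nonce"], expected_nonce)
            and hmac.compare_digest(att["pcr_digest"], expected_pcr_digest))


def build_attest(magic, nonce, pcr_digest, select=b"\x01\x00\x00"):
    """Constructed TPMS_ATTEST with one SHA-256 bank (PCR 0 selected by default).
    Real quotes come from TPM2_Quote; this builder only exists so the checker
    can be exercised offline, with a caller-chosen magic to model the forgery."""
    body = struct.pack(">IH", magic, TPM2_ST_ATTEST_QUOTE)
    body += struct.pack(">H", 0)                          # empty qualifiedSigner
    body += struct.pack(">H", len(nonce)) + nonce
    body += struct.pack(">QIIB", 1000, 1, 0, 1)           # clockInfo
    body += struct.pack(">Q", 0x0102030405060708)         # firmwareVersion
    body += struct.pack(">I", 1) + struct.pack(">HB", TPM2_ALG_SHA256, len(select)) + select
    body += struct.pack(">H", len(pcr_digest)) + pcr_digest
    return body


if __name__ == "__main__":
    nonce, digest = b"verifier-nonce", b"\x11" * 32
    genuine = build_attest(TPM2_GENERATED_VALUE, nonce, digest)
    forged = build_attest(0x00000000, nonce, digest)   # a restricted AK would sign this
    print("genuine, hardened:", checkquote(genuine, nonce, digest))                       # True
    print("forged, no magic check:", checkquote(forged, nonce, digest, check_magic=False))  # True
    print("forged, hardened:", checkquote(forged, nonce, digest))                         # False
```

The magic test has to run before anything else in the body is trusted: once it passes, the verifier knows the TPM itself populated the nonce, clock info and PCR digest, and the AK signature check then binds those values to that TPM.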
(RHSA-2024:2780) Important: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: CONTINUATION frames DoS (CVE-2024-27983) nodejs: using the fetch() function to retrieve content from an untrusted URL leads to...
CVSS 8.2 | AI Score 7.4 | EPSS 0.0004
(RHSA-2024:2779) Important: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: CONTINUATION frames DoS (CVE-2024-27983) nodejs: using the fetch() function to retrieve content from an untrusted URL leads to...
CVSS 8.2 | AI Score 7.4 | EPSS 0.0004
(RHSA-2024:2778) Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) nghttp2: CONTINUATION frames DoS (CVE-2024-28182) nodejs: using the...
CVSS 8.2 | AI Score 7.4 | EPSS 0.0004
Pipedream ICS malware toolkit is a nightmare
TL;DR: Malware toolkit specifically designed for attacking ICS; modular and framework based; main features are enumeration, Modbus comms, and HTTP interactions; Operational Technology (OT) network breaches are often due to connected Windows devices; off-network compromise assessments give a strategic...
AI Score 7.6
Summary IBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...
AI Score 7.1
Summary IBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...
AI Score 7.1
Summary IBM WebSphere Application Server, which is shipped with IBM Security Access Manager for Enterprise Single Sign-On, is vulnerable to a denial of service. Apply updates as referenced in the Remediation/Fixes section below. Vulnerability Details Refer to the security bulletin(s) listed in...
CVSS 5.9 | AI Score 5.7 | EPSS 0.0004
Summary IBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. See the bulletins listed in the Remediation/Fixes...
CVSS 9.8 | AI Score 9.2 | EPSS 0.003
Detect & Address the Top 10 MITRE ATT&CK Techniques for Ransomware Using Policy Compliance
In cybersecurity, the battle against ransomware is a pivotal challenge for organizations worldwide. Attackers are consistently refining their methods, highlighting the critical need for businesses to remain proactive in their defense strategies. To effectively address this threat, it is essential.....
AI Score 7.6
Science works with chunks and bits and pieces of things with the continuity presumed, and Art works only with the continuities of things with the chunks and bits and pieces presumed. - Robert M. Pirsig The ability of LLMs to produce structured outputs is important for downstream applications that.....
AI Score 7.1
Important: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: CONTINUATION frames DoS (CVE-2024-27983) nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial...
CVSS 8.2 | AI Score 7.3 | EPSS 0.0004
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2024-1592)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we...
AI Score 8.3
Rocky Linux 9 : nodejs:18 (RLSA-2024:2779)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2779 advisory. A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch()...
AI Score 7
RHEL 8 : squid:4 (RHSA-2024:2777)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2777 advisory. Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack...
AI Score 7.3
RHEL 8 : glibc (RHSA-2024:2799)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2799 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when...
AI Score 7.9
Important: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): nodejs: CONTINUATION frames DoS (CVE-2024-27983) nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial...
CVSS 8.2 | AI Score 7.3 | EPSS 0.0004
Rocky Linux 8 : nodejs:20 (RLSA-2024:2778)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2778 advisory. A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch()...
AI Score 7
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-1563)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of...
AI Score 8.1
AlmaLinux 8 : nodejs:18 (ALSA-2024:2780)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:2780 advisory. A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch()...
AI Score 7
Oracle Linux 8 : nodejs:20 (ELSA-2024-2778)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2778 advisory. An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames...
AI Score 6.8
EulerOS 2.0 SP10 : golang (EulerOS-SA-2024-1567)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not...
AI Score 7.5
EulerOS 2.0 SP10 : grub2 (EulerOS-SA-2024-1569)
According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file...
AI Score 7.5
AlmaLinux 8 : nodejs:20 (ALSA-2024:2778)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:2778 advisory. A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch()...
AI Score 7
JVN#97751842: Multiple vulnerabilities in MosP kintai kanri
MosP kintai kanri provided by esMind, LLC contains multiple vulnerabilities listed below.
Path Traversal (CWE-22), CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, Base Score 6.5, CVE-2024-28880
Incorrect Permission Assignment for Critical Resource (CWE-732), CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L...
AI Score 7.3
EulerOS 2.0 SP10 : grub2 (EulerOS-SA-2024-1591)
According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file...
AI Score 7.5
RHEL 9 : Red Hat build of MicroShift 4.15.12 (RHSA-2024:2667)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2667 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames....
AI Score 7.3
Description The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.2.19. This makes it possible for authenticated attackers, with contributor-level access and above, to make web...
CVSS 7.7 | AI Score 6.7 | EPSS 0.0004
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2024-1585)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of...
AI Score 8.1
Debian dsa-5684 : gir1.2-javascriptcoregtk-4.0 - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5684 advisory. An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and...
AI Score 8.1
RHEL 8 : nodejs:18 (RHSA-2024:2780)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2780 advisory. A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using...
AI Score 7
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2024-1570)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we...
AI Score 8.2