Test and evaluate your WAF before hackers
Since 1991, Web Application Firewall, commonly referred to as WAF, has become one of the most common application security technologies available on the market. Since the last century, WAFs have evolved by incorporating the cloud and using Machine Learning instead of RegExp. Currently, few...
6.6 AI Score
K000138866 : Python Pillow vulnerability CVE-2023-50447
Security Advisory Description Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). (CVE-2023-50447) Impact There is no impact; F5 products are not affected...
9.8 CVSS
7.1 AI Score
0.003 EPSS
GoPlus Security Raises in Private II+ Funding to Fortify Web3 User Safety
By Waqas GoPlus Security secures $4M to build a user-driven Web3 security network. Their AI-powered platform provides real-time threat detection across 20+ blockchains, empowering users with the SecWareX suite for on-chain security. This is a post from HackRead.com Read the original post: GoPlus...
7.3 AI Score
MongoDB Certificate Validation Vulnerability (SERVER-72839) - Windows
MongoDB is prone to a certificate validation...
8.8 CVSS
8.7 AI Score
0.0004 EPSS
Fedora: Security Advisory for univocity-parsers (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for...
7 AI Score
0.0004 EPSS
Fedora: Security Advisory for libreoffice (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for...
7 AI Score
0.0004 EPSS
MongoDB Certificate Validation Vulnerability (SERVER-72839) - Linux
MongoDB is prone to a certificate validation...
8.8 CVSS
8.7 AI Score
0.0004 EPSS
Fedora: Security Advisory for apache-commons-net (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for...
7 AI Score
0.0004 EPSS
Fedora: Security Advisory for regexp (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for...
7 AI Score
0.0004 EPSS
Fedora: Security Advisory for guava (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for...
7 AI Score
0.0004 EPSS
[SECURITY] Fedora 40 Update: univocity-parsers-2.9.1-13.fc40
uniVocity-parsers is a suite of extremely fast and reliable parsers for Java. It provides a consistent interface for handling different file formats, and a solid framework for the development of new...
6.9 AI Score
0.0004 EPSS
[SECURITY] Fedora 40 Update: regexp-1.5-48.fc40
Regexp is a 100% Pure Java Regular Expression package that was graciously donated to the Apache Software Foundation by Jonathan Locke. He originally wrote this software back in 1996 and it has stood up quite well to the test of time. It includes complete Javadoc documentation as well as a simple...
6.8 AI Score
0.0004 EPSS
[SECURITY] Fedora 40 Update: libreoffice-24.2.1.1-3.fc40
LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. ...
9 AI Score
0.0004 EPSS
[SECURITY] Fedora 40 Update: guava-32.1.3-5.fc40
Guava is a suite of core and expanded libraries that include utility classes, Google's collections, io classes, and much much more. This project is a complete packaging of all the Guava libraries into a single jar. Individual portions of Guava can be used by downloading...
9.1 AI Score
0.0004 EPSS
[SECURITY] Fedora 40 Update: apache-commons-net-3.10.0-5.fc40
This is an Internet protocol suite Java library originally developed by ORO, Inc. This version supports Finger, Whois, TFTP, Telnet, POP3, FTP, NNTP, SMTP, and some miscellaneous protocols like Time and Echo as well as BSD R command support. The purpose of the library is to provide fundamental...
6.9 AI Score
0.0004 EPSS
MongoDB Ops Manager Diagnostic Archive Sensitive Information Retriever
MongoDB Ops Manager Diagnostics Archive does not redact SAML SSL Pem Key File Password field (mms.saml.ssl.PEMKeyFilePassword) within app settings. Archives do not include the PEM files themselves. This module extracts that unredacted password and stores the diagnostic archive for additional...
7.5 AI Score
Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to...
8.8 CVSS
8.8 AI Score
0.0004 EPSS
Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to...
8.8 CVSS
8.6 AI Score
0.0004 EPSS
Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to...
8.8 CVSS
7.3 AI Score
0.0004 EPSS
CISOs share their top 7 strategies for gaining C-Suite buy-in
In a recent webinar hosted by Wiz, three esteemed CISOs shared their strategies for getting C-suite executives on board with plans for a comprehensive security...
7.4 AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (February 26, 2024 to March 3, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 121 vulnerabilities disclosed in 88...
9.8 CVSS
9.6 AI Score
0.001 EPSS
CVE-2024-1351 MongoDB Server may allow successful untrusted connection
Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to...
8.8 CVSS
8.9 AI Score
0.0004 EPSS
Predator spyware vendor banned in US
The US Treasury Department has sanctioned Predator spyware vendor Intellexa Consortium, and banned the company from doing business in the US. Predator can turn infected smartphones into surveillance devices. Intellexa is based in Greece but the Treasury Department imposed the sanctions because of.....
7.4 AI Score
Security Advisory Description CVE-2024-20918 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle...
7.4 CVSS
6.6 AI Score
0.001 EPSS
Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to failing....
8.8 CVSS
8.9 AI Score
0.0004 EPSS
K000138851 : OpenJDK vulnerabilities CVE-2024-20921, CVE-2024-20926, and CVE-2024-20932
Security Advisory Description CVE-2024-20921 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle...
7.5 CVSS
6.8 AI Score
0.001 EPSS
CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability
Summary Here it is observed that CasaOS doesn't defend against password brute force attacks, which leads to full access to the server. Details The web application lacks control over login attempts, which is why an attacker can use a password brute force attack to find and get full access...
9.1 CVSS
7.3 AI Score
0.0004 EPSS
A New Way To Manage Your Web Exposure: The Reflectiz Product Explained
An in-depth look into a proactive website security solution that continuously detects, prioritizes, and validates web threats, helping to mitigate security, privacy, and compliance risks. [Reflectiz shields websites from client-side attacks, supply chain risks, data breaches, privacy violations,...
6.9 AI Score
Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to...
5 CVSS
7 AI Score
0.0004 EPSS
An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This...
7.1 CVSS
6.8 AI Score
0.001 EPSS
An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the...
6.5 CVSS
6.4 AI Score
0.001 EPSS
It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS.....
7.5 CVSS
7.5 AI Score
0.003 EPSS
An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of service or server crash. This issue affects: MongoDB Inc. MongoDB Server v5.0 versions, prior to and including...
6.5 CVSS
6.5 AI Score
0.001 EPSS
If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Linux), it is possible that client certificate validation may not be in effect, potentially allowing client to...
7.5 CVSS
6.6 AI Score
0.001 EPSS
How to Find and Fix Risky Sharing in Google Drive
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally. ....
6.8 AI Score
IBM Security Guardium XML External Entity Injection Vulnerability (CNVD-2024-12704)
IBM Security Guardium is a suite of platforms from International Business Machines (IBM) that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. IBM Security Guardium Key Lifecycle Manager suffers from...
5.5 CVSS
7 AI Score
0.0004 EPSS
7.4 AI Score
0.0004 EPSS
K000138827 : OpenSSH vulnerability CVE-2023-51385
Security Advisory Description In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell...
6.5 CVSS
7.6 AI Score
0.003 EPSS
Releases Ubuntu 23.10 Ubuntu 22.04 LTS Packages frr - FRRouting suite of internet protocols Details It was discovered that FRR incorrectly handled certain malformed OSPF LSA packets. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of...
7.5 AI Score
0.0004 EPSS
7.2 AI Score
0.0004 EPSS
Achieving NIST CSF 2.0 Top Tier Adaptable Status
An Overview of NIST CSF 2.0 The National Institute of Standards and Technology (NIST) recently updated its popular Cybersecurity Framework (CSF) to version 2.0 to help organizations reduce cybersecurity risks. Designed for virtually all industry sectors, from small to medium businesses (SMBs) to...
7.4 AI Score
Summary IBM Maximo Application Suite - Edge Data Collector uses cryptography-41.0.3-cp37-abi3-manylinux_2_28_x86_64.whl and cryptography-41.0.5-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-49083 Vulnerability Details CVEID: CVE-2023-49083 DESCRIPTION: Cryptography...
7.5 CVSS
9.2 AI Score
0.001 EPSS
Summary IBM Maximo Application Suite - Edge Data Collector uses openssl-src-111.26.0+1.1.1u.crate which is vulnerable to CVE-2023-3817 Vulnerability Details CVEID: CVE-2023-3817 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(),...
5.3 CVSS
6.7 AI Score
0.002 EPSS
Summary IBM Maximo Application Suite - Edge Data Collector uses follow-redirects-1.15.2.tgz and follow-redirects-1.15.3.tgz which is vulnerable to CVE-2023-26159 Vulnerability Details CVEID: CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to conduct phishing...
7.3 CVSS
6.2 AI Score
0.001 EPSS
Summary IBM Maximo Application Suite - Edge Data Collector uses postcss-8.4.14.tgz which is vulnerable to CVE-2023-44270 Vulnerability Details CVEID: CVE-2023-44270 DESCRIPTION: PostCSS could allow a remote attacker to bypass security restrictions, caused by improper input validation. By...
5.3 CVSS
6.7 AI Score
0.001 EPSS
Summary IBM Maximo Application Suite - Edge Data Collector uses Pillow-9.3.0-cp37-cp37m-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-44271 Vulnerability Details CVEID: CVE-2023-44271 DESCRIPTION: Pillow is vulnerable to a denial of service, caused by a flaw with uncontrollably...
7.5 CVSS
6.7 AI Score
0.001 EPSS
Summary IBM Maximo Application Suite - Edge Data Collector uses axios-1.5.0.tgz and axios-1.5.1.tgz which is vulnerable to CVE-2023-45857 Vulnerability Details CVEID: CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper validation of user-supplied...
6.5 CVSS
8.9 AI Score
0.001 EPSS
TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 Privilege Escalation Vulnerability
...
8.8 CVSS
7.2 AI Score
0.001 EPSS
K000138814 : OpenLDAP vulnerability CVE-2023-2953
Security Advisory Description A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. (CVE-2023-2953). Impact This vulnerability may result in low system memory leading to failure in LDAP...
7.5 CVSS
6.5 AI Score
0.003 EPSS