IBM Maximo Asset Management 6.2, 7.1, 7.5, 7.5.0.0, 7.5.0.10, 7.1.0.0, 6.2.0.0, 7.2, 7.1.1, 7.1.2, 7.2.1, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 7.1.1.1, 7.1.1.10, 7.1.1.11, 7.1.1.12, 7.1.1.2, 7.1.1.5, 7.1.1.6, 7.1.1.7, 7.1.1.8, 7.1.1.9, 7.5.0.1, 7.5.0.2, 7.5.0.3, 7.5.0.4, 7.5.0.5, 7.6, 7.5.0, 7.6.0 Security Vulnerabilities

nvd

CVE-2024-6109

A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file addmeasurement.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely....

6.3CVSS

EPSS

2024-06-18 12:15 PM
cve

CVE-2024-6109

A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file addmeasurement.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely....

6.3CVSS

6.9AI Score

EPSS

2024-06-18 12:15 PM
1
cvelist

CVE-2024-6109 itsourcecode Tailoring Management System addmeasurement.php sql injection

A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file addmeasurement.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely....

6.3CVSS

EPSS

2024-06-18 11:31 AM
1
thn

The Annual SaaS Security Report: 2025 CISO Plans and Priorities

Seventy percent of enterprises are prioritizing investment in SaaS security by establishing dedicated teams to secure SaaS applications, as part of a growing trend of maturity in this field of cybersecurity, according to a new survey released this month by the Cloud Security Alliance (CSA)....

7.2AI Score

2024-06-18 11:23 AM
2
ibm

Security Bulletin: Vulnerabilities in JAR files affect Transparent Cloud Tiering in IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in multiple JAR files affect Transparent Cloud Tiering in IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products. The vulnerabilities are not thought to be exploitable but IBM recommends upgrade for users of Transparent Cloud Tiering...

9.8CVSS

9.4AI Score

0.939EPSS

2024-06-18 09:13 AM
10
wolfi

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, ferretdb, bank-vaults, frp, ingress-nginx-controller, crossplane-provider-gcp, kor, nfs-subdir-external-provisioner, tekton-chains, metrics-server, cri-tools, terragrunt, aws-efs-csi-driver, goreleaser, hubble-ui, hubble, cass-operator,...

7.5AI Score

2024-06-18 09:08 AM
164
wolfi

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: esbuild, ingress-nginx-controller, metrics-server, goreleaser, hubble-ui, certificate-transparency, kubescape, oras, fulcio, sbomqs, envoy-ratelimit, nsc, volume-modifier-for-k8s, cilium, nuclei, calico, kube-bench, bincapz, kind, kaniko, external-dns,...

6.8AI Score

0.0004EPSS

2024-06-18 09:08 AM
53
wolfi

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, ferretdb, bank-vaults, docker-credential-ecr-login, hcloud, frp, delve, go-bindata, wait-for-port, dockerize, crossplane-provider-gcp, mongo-tools, nfs-subdir-external-provisioner, metrics-server, tekton-chains, cri-tools, aws-efs-csi-driver,.....

7.5AI Score

2024-06-18 09:08 AM
15
wolfi

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, ferretdb, bank-vaults, frp, ingress-nginx-controller, crossplane-provider-gcp, kor, nfs-subdir-external-provisioner, tekton-chains, metrics-server, cri-tools, terragrunt, aws-efs-csi-driver, goreleaser, hubble-ui, hubble, cass-operator,...

6.7AI Score

0.0004EPSS

2024-06-18 09:08 AM
28
wolfi

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller, metrics-server, hubble-ui, certificate-transparency, kubescape, oras, fulcio, sbomqs, nerdctl, nsc, volume-modifier-for-k8s, wave, cilium, kube-bench, kind, kaniko, octo-sts, external-dns, neuvector-sigstore-interface, dgraph, wolfictl,...

6.5AI Score

0.0004EPSS

2024-06-18 09:08 AM
13
wolfi

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, ferretdb, bank-vaults, docker-credential-ecr-login, hcloud, frp, delve, go-bindata, wait-for-port, dockerize, crossplane-provider-gcp, mongo-tools, nfs-subdir-external-provisioner, metrics-server, tekton-chains, cri-tools, aws-efs-csi-driver,.....

6.5AI Score

0.0004EPSS

2024-06-18 09:08 AM
18
wolfi

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: esbuild, ingress-nginx-controller, metrics-server, goreleaser, hubble-ui, certificate-transparency, kubescape, oras, fulcio, sbomqs, envoy-ratelimit, nsc, volume-modifier-for-k8s, cilium, nuclei, calico, kube-bench, bincapz, kind, kaniko, external-dns,...

7.5AI Score

2024-06-18 09:08 AM
20
wolfi

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller, metrics-server, hubble-ui, certificate-transparency, kubescape, oras, fulcio, sbomqs, nerdctl, nsc, volume-modifier-for-k8s, wave, cilium, kube-bench, kind, kaniko, octo-sts, external-dns, neuvector-sigstore-interface, dgraph, wolfictl,...

6.5AI Score

0.0004EPSS

2024-06-18 09:08 AM
10
wolfi

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, ferretdb, bank-vaults, docker-credential-ecr-login, hcloud, frp, delve, go-bindata, wait-for-port, dockerize, crossplane-provider-gcp, mongo-tools, nfs-subdir-external-provisioner, metrics-server, tekton-chains, cri-tools, aws-efs-csi-driver,.....

7.5AI Score

2024-06-18 09:08 AM
20
wolfi

GHSA-C5Q2-7R4C-MV6G vulnerabilities

Vulnerabilities for packages: external-secrets-operator, rook, flux-kustomize-controller, ko, zarf, argo-cd, tekton-pipelines, cert-manager, frp, weaviate, skaffold, apko, grpc-health-probe, tekton-chains, istio-pilot-agent, terragrunt, goreleaser, timestamp-authority, istio-cni, containerd, dex,.....

7.5AI Score

2024-06-18 09:08 AM
25
wolfi

GHSA-MFG4-W44M-WR4G vulnerabilities

Vulnerabilities for packages:...

7.5AI Score

2024-06-18 09:08 AM
8
wolfi

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller, metrics-server, hubble-ui, certificate-transparency, kubescape, oras, fulcio, sbomqs, nerdctl, nsc, volume-modifier-for-k8s, wave, cilium, kube-bench, kind, kaniko, octo-sts, external-dns, neuvector-sigstore-interface, dgraph, wolfictl,...

7.5AI Score

2024-06-18 09:08 AM
2
wolfi

CVE-2024-28180 vulnerabilities

Vulnerabilities for packages: external-secrets-operator, rook, flux-kustomize-controller, ko, zarf, argo-cd, tekton-pipelines, cert-manager, frp, weaviate, skaffold, apko, grpc-health-probe, tekton-chains, istio-pilot-agent, terragrunt, goreleaser, timestamp-authority, istio-cni, containerd, dex,.....

4.3CVSS

6AI Score

0.0005EPSS

2024-06-18 09:08 AM
15
wolfi

GHSA-5JPM-X58V-624V vulnerabilities

Vulnerabilities for packages: opensearch, keycloak, spark, cloudwatch-exporter, neo4j, management-api-for-apache-cassandra, selenium,...

7.5AI Score

2024-06-18 09:08 AM
6
wolfi

CVE-2024-29025 vulnerabilities

Vulnerabilities for packages: opensearch, keycloak, spark, cloudwatch-exporter, neo4j, management-api-for-apache-cassandra, selenium,...

5.3CVSS

5.9AI Score

0.0004EPSS

2024-06-18 09:08 AM
15
wolfi

CVE-2021-43618 vulnerabilities

Vulnerabilities for packages:...

7.5CVSS

7.7AI Score

0.005EPSS

2024-06-18 09:08 AM
11
wolfi

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: vertical-pod-autoscaler, ferretdb, bank-vaults, docker-credential-ecr-login, hcloud, frp, delve, go-bindata, wait-for-port, dockerize, crossplane-provider-gcp, mongo-tools, nfs-subdir-external-provisioner, metrics-server, tekton-chains, cri-tools, aws-efs-csi-driver,.....

6.5AI Score

0.0004EPSS

2024-06-18 09:08 AM
17
wolfi

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller, metrics-server, hubble-ui, certificate-transparency, kubescape, oras, fulcio, sbomqs, nerdctl, nsc, volume-modifier-for-k8s, wave, cilium, kube-bench, kind, kaniko, octo-sts, external-dns, neuvector-sigstore-interface, dgraph, wolfictl,...

7.5AI Score

2024-06-18 09:08 AM
2
openvas

SUSE: Security Advisory (SUSE-SU-2024:2043-1)

The remote host is missing an update for...

7.1AI Score

0.0005EPSS

2024-06-18 12:00 AM
f5

K000140029: libcurl vulnerability CVE-2024-2398

Security Advisory Description When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously...

6.6AI Score

0.0004EPSS

2024-06-18 12:00 AM
8
openvas

SUSE: Security Advisory (SUSE-SU-2024:2035-1)

The remote host is missing an update for...

6.7AI Score

EPSS

2024-06-18 12:00 AM
openvas

SUSE: Security Advisory (SUSE-SU-2024:2037-1)

The remote host is missing an update for...

6.5CVSS

5.7AI Score

0.006EPSS

2024-06-18 12:00 AM
1
github

Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider

Impact A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave...

6.8AI Score

EPSS

2024-06-17 10:30 PM
2
osv

Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider

Impact A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave...

6.5AI Score

EPSS

2024-06-17 10:30 PM
3
redhatcve

CVE-2024-37890

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] (e55e510) and backported to [email protected] (22c2876), [email protected] (eeb76d3), and...

7.5CVSS

7.4AI Score

0.0004EPSS

2024-06-17 09:51 PM
4
nvd

CVE-2024-6066

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file payment_report.php. The manipulation of the argument month_of leads to sql injection. It is possible to launch the attack remotely. The...

6.3CVSS

0.0004EPSS

2024-06-17 09:15 PM
2
cve

CVE-2024-6066

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file payment_report.php. The manipulation of the argument month_of leads to sql injection. It is possible to launch the attack remotely. The...

6.3CVSS

6.9AI Score

0.0004EPSS

2024-06-17 09:15 PM
7
nvd

CVE-2024-37798

Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input...

0.0004EPSS

2024-06-17 09:15 PM
2
cve

CVE-2024-37798

Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input...

5.8AI Score

0.0004EPSS

2024-06-17 09:15 PM
6
cve

CVE-2024-34833

Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability results in the ability....

7.9AI Score

0.0004EPSS

2024-06-17 09:15 PM
5
nvd

CVE-2024-34833

Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability results in the ability....

0.0004EPSS

2024-06-17 09:15 PM
7
cvelist

CVE-2024-6066 SourceCodester Best House Rental Management System payment_report.php sql injection

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file payment_report.php. The manipulation of the argument month_of leads to sql injection. It is possible to launch the attack remotely. The...

6.3CVSS

0.0004EPSS

2024-06-17 09:00 PM
1
wallarmlab

Zero-Day Marketplace Explained: How Zerodium, BugTraq, and Fear contributed to the Rise of the Zero-Day Vulnerability Black Market

Whenever a company is notified about or discovers a critical flaw in their system/application that has the potential to be exploited by malicious elements, it’s termed a vulnerability. However, every time a flaw being actively exploited is discovered, code red is punched as the organization’s IT...

7.9AI Score

2024-06-17 08:33 PM
3
nvd

CVE-2024-37896

Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin <= v2.6.5 has SQL injection vulnerability. The SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failin...

8.8CVSS

0.0004EPSS

2024-06-17 08:15 PM
2
cve

CVE-2024-37896

Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin <= v2.6.5 has SQL injection vulnerability. The SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failin...

8.8CVSS

9.1AI Score

0.0004EPSS

2024-06-17 08:15 PM
3
cve

CVE-2024-37890

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] (e55e510) and backported to [email protected] (22c2876), [email protected] (eeb76d3), and...

7.5CVSS

7.4AI Score

0.0004EPSS

2024-06-17 08:15 PM
8
nvd

CVE-2024-37890

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] (e55e510) and backported to [email protected] (22c2876), [email protected] (eeb76d3), and...

7.5CVSS

0.0004EPSS

2024-06-17 08:15 PM
7
debiancve

CVE-2024-37890

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] (e55e510) and backported to [email protected] (22c2876), [email protected] (eeb76d3), and...

7.5CVSS

7.5AI Score

0.0004EPSS

2024-06-17 08:15 PM
8
ibm

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details **...

8.2CVSS

9.7AI Score

EPSS

2024-06-17 08:14 PM
2
ibm

Security Bulletin: IBM QRadar Suite software is vulnerable to injection attacks (CVE-2023-47726)

Summary IBM QRadar Suite software is vulnerable to injection attacks through dashboard input. This has been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability...

7.9AI Score

EPSS

2024-06-17 08:13 PM
cvelist

CVE-2024-37896 SQL injection vulnerability in Gin-vue-admin

Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin <= v2.6.5 has SQL injection vulnerability. The SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failin...

8.8CVSS

0.0004EPSS

2024-06-17 07:33 PM
3
nvd

CVE-2024-37840

SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID...

0.0004EPSS

2024-06-17 07:15 PM
1
cve

CVE-2024-37840

SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID...

8.6AI Score

0.0004EPSS

2024-06-17 07:15 PM
5
github

ws affected by a DoS when handling a request with many HTTP headers

Impact A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. Proof of concept ```js const http = require('http'); const WebSocket = require('ws'); const wss = new WebSocket.Server({ port: 0 }, function () { const chars =...

7.5CVSS

6.7AI Score

0.0004EPSS

2024-06-17 07:09 PM
40
cvelist

CVE-2024-37890 Denial of service when handling a request with many HTTP headers in ws

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] (e55e510) and backported to [email protected] (22c2876), [email protected] (eeb76d3), and...

7.5CVSS

0.0004EPSS

2024-06-17 07:09 PM
7
Total number of security vulnerabilities: 211306