Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage...
7AI Score
0.05EPSS
(RHSA-2024:1862) Important: Red Hat Single Sign-On 7.6.8 security update on RHEL 9
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.8 on RHEL 9 serves as a replacement for Red Hat Single Sign-On.....
8.1AI Score
0.0005EPSS
(RHSA-2024:1861) Important: Red Hat Single Sign-On 7.6.8 security update on RHEL 8
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.8 on RHEL 8 serves as a replacement for Red Hat Single Sign-On.....
8.1AI Score
0.0005EPSS
(RHSA-2024:1860) Important: Red Hat Single Sign-On 7.6.8 enhancement and security update on RHEL 7
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.8 on RHEL 7 serves as a replacement for Red Hat Single Sign-On.....
8.1AI Score
0.0005EPSS
Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted...
3.1CVSS
7AI Score
0.0004EPSS
Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted...
3.1CVSS
4.1AI Score
0.0004EPSS
Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted...
3.1CVSS
4.5AI Score
0.0004EPSS
Five Key Takeaways from the 2024 Imperva Bad Bot Report
Bad bots continue to affect consumers and organizations across all sectors. For over eleven years, Imperva has been dedicated to helping organizations manage and mitigate the threat of bad bots. We’ve published the 2024 Imperva Bad Bot Report as part of our commitment to helping organizations...
7AI Score
Navigating the EU NIS2 Directive
How Qualys Cybersecurity Solutions Ensure Compliance The European Union’s revised Network and Information Security (NIS2) Directive is a comprehensive cybersecurity regulation aimed at bolstering the resilience of critical entities and essential services across the EU. As organizations grapple...
7.6AI Score
Crickets from Chirp Systems in Smart Lock Key Leak
The U.S. government is warning that "smart locks" securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock's maker Chirp Systems remains unresponsive, even though it was first notified about the critical.....
7AI Score
Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through...
4.3CVSS
6.8AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through...
4.3CVSS
4.6AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through...
4.3CVSS
5AI Score
0.0004EPSS
Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users
Cybersecurity researchers have discovered a "renewed" cyber espionage campaign targeting users in South Asia with the aim of delivering an Apple iOS spyware implant called LightSpy. "The latest iteration of LightSpy, dubbed 'F_Warehouse,' boasts a modular framework with extensive spying features,"....
7.5AI Score
IBM Security verify Access Appliance Denial of Service Vulnerability
IBM Security Verify Access (ISAM) is a service from International Business Machines (IBM) that improves user access security. The service enables secure and simple access to platforms such as the Web, mobile, IoT and cloud using risk-based access, single sign-on, integrated access management...
6.2CVSS
6.5AI Score
0.0004EPSS
7.4AI Score
7.4AI Score
7.4AI Score
IBM Security verify Access Appliance Security Vulnerability
IBM Security Verify Access (ISAM) is a service from International Business Machines (IBM) that improves user access security. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated...
7.5CVSS
6.4AI Score
0.0004EPSS
7.4AI Score
7.4AI Score
7.4AI Score
7.4AI Score
7.4AI Score
7.4AI Score
7.4AI Score
7.4AI Score
7.4AI Score
Apple warns people of mercenary attacks via threat notification system
Apple has reportedly sent alerts to individuals in 92 nations on Wednesday, April 10, to say it's detected that they may have been a victim of a mercenary attack. The company says it has sent out these types of threat notifications to over 150 countries since the start in 2021. Mercenary spyware...
7.1AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 193 vulnerabilities disclosed in 154...
9.9CVSS
9.8AI Score
0.082EPSS
APKDeepLens - Android Security Insights In Full Spectrum
APKDeepLens is a Python based tool designed to scan Android applications (APK files) for security vulnerabilities. It specifically targets the OWASP Top 10 mobile vulnerabilities, providing an easy and efficient way for developers, penetration testers, and security researchers to assess the...
7.1AI Score
mobile-electronique.fr Cross Site Scripting vulnerability OBB-3915282
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks
Apple on Wednesday revised its documentation pertaining to its mercenary spyware threat notification system to mention that it alerts users when they may have been individually targeted by such attacks. It also specifically called out companies like NSO Group for developing commercial surveillance....
7.4AI Score
A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /control/adds.php. The manipulation of the argument name/gender/dob/email/mobile/address leads to sql...
4.7CVSS
7.3AI Score
0.0004EPSS
A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /control/adds.php. The manipulation of the argument name/gender/dob/email/mobile/address leads to sql...
4.7CVSS
5.2AI Score
0.0004EPSS
CVE-2024-3620 SourceCodester Kortex Lite Advocate Office Management System adds.php sql injection
A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /control/adds.php. The manipulation of the argument name/gender/dob/email/mobile/address leads to sql...
4.7CVSS
5.6AI Score
0.0004EPSS
A vulnerability classified as problematic was found in Campcodes Church Management System 1.0. This vulnerability affects unknown code of the file /admin/add_visitor.php. The manipulation of the argument mobile leads to cross site scripting. The attack can be initiated remotely. The exploit has...
3.5CVSS
6.3AI Score
0.0004EPSS
A vulnerability classified as problematic was found in Campcodes Church Management System 1.0. This vulnerability affects unknown code of the file /admin/add_visitor.php. The manipulation of the argument mobile leads to cross site scripting. The attack can be initiated remotely. The exploit has...
3.5CVSS
3.9AI Score
0.0004EPSS
CVE-2024-3542 Campcodes Church Management System add_visitor.php cross site scripting
A vulnerability classified as problematic was found in Campcodes Church Management System 1.0. This vulnerability affects unknown code of the file /admin/add_visitor.php. The manipulation of the argument mobile leads to cross site scripting. The attack can be initiated remotely. The exploit has...
3.5CVSS
4.3AI Score
0.0004EPSS
CVE-2024-3542 Campcodes Church Management System add_visitor.php cross site scripting
A vulnerability classified as problematic was found in Campcodes Church Management System 1.0. This vulnerability affects unknown code of the file /admin/add_visitor.php. The manipulation of the argument mobile leads to cross site scripting. The attack can be initiated remotely. The exploit has...
3.5CVSS
6.3AI Score
0.0004EPSS
Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included
Microsoft has released security updates for the month of April 2024 to remediate a record 149 flaws, two of which have come under active exploitation in the wild. Of the 149 flaws, three are rated Critical, 142 are rated Important, three are rated Moderate, and one is rated Low in severity. The...
9CVSS
9AI Score
0.005EPSS
BT-Professional MOBILE Arbitrary File Read Vulnerability
BT-Professional is reliable software for organizing and managing all nursing tasks. An arbitrary file read vulnerability exists in BT-Professional MOBILE, which can be exploited by an attacker to read arbitrary...
7.1AI Score
7.8CVSS
7AI Score
EPSS
Microsoft is addressing 149 vulnerabilities this April 2024 Patch Tuesday, which is significantly more than usual. For the second month in a row, Microsoft indicated that they weren't aware of prior public disclosure or exploitation in the wild for any of the vulnerabilities patched today....
9CVSS
10AI Score
EPSS
Microsoft and Adobe Patch Tuesday, April 2024 Security Update Review
Welcome to another insightful dive into Microsoft's Patch Tuesday! This month's security updates address a vast number of vulnerabilities in multiple popular products, features, and roles. We invite you to join us to review and discuss the details of these security updates and patches. Microsoft...
8.8CVSS
9.2AI Score
0.004EPSS
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extract sensitive...
5.9CVSS
9.2AI Score
0.0004EPSS
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extract sensitive...
5.9CVSS
5.6AI Score
0.0004EPSS
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extract sensitive...
5.9CVSS
5.8AI Score
0.0004EPSS
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extract sensitive...
5.9CVSS
6.7AI Score
0.0004EPSS
5CVSS
6.3AI Score
0.0004EPSS