
Vulnrichment (added 2025/04/16 10:39 p.m.)

CVE-2025-24907 Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal

Overview: The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory (CWE-35). Description: Hitachi...

CVSS 6.8 | AI score 6.6 | EPSS 0.0035 | Exploits 0 | References 1

CVE (added 2025/04/16 10:27 p.m.)

CVE-2025-24908

The CVE affects Hitachi Vantara Pentaho Data Integration & Analytics, prior to version 10.2.0.2 (including 9.3.x and 8.3.x). The root cause is that the UploadFile input used to build file paths is not properly sanitized against sequences like '.../...//', allowing a path traversal outside the res...

CVSS 6.8 | AI score 6.6 | EPSS 0.00403 | Exploits 0 | References 1

Vulnrichment (added 2025/04/16 10:27 p.m.)

CVE-2025-24908 Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal

Overview: The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory (CWE-35). Description: Hitachi...

CVSS 6.8 | AI score 6.6 | EPSS 0.00403 | Exploits 0 | References 1

Cvelist (added 2025/04/16 10:27 p.m.)

CVE-2025-24908 Hitachi Vantara Pentaho Data Integration & Analytics – Path Traversal

Overview: The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory (CWE-35). Description: Hitachi...

CVSS 6.8 | EPSS 0.00403 | Exploits 0 | References 1

IBM Security Bulletins (added 2025/04/16 9:1 p.m.)

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary: IBM Guardium Data Security Center has addressed these vulnerabilities with an update. Vulnerability Details: CVEID: CVE-2024-12797 DESCRIPTION: Issue summary: Clients using RFC 7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because...

CVSS 7.5 | AI score 9.5 | EPSS 0.02357 | Exploits 4 | Affected Software 1

IBM Security Bulletins (added 2025/04/16 2:34 p.m.)

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities

Summary: The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details: CVEID: CVE-2024-12797 DESCRIPTION: Issue summary: Clients using...

CVSS 8.8 | AI score 7.6 | EPSS 0.66594 | Exploits 0 | Affected Software 1

Amazon (added 2025/04/16 12:0 a.m.)

Medium: pcs

Issue Overview: Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This...

CVSS 7.5 | AI score 7 | EPSS 0.00699 | Exploits 0

Positive Technologies (added 2025/04/16 12:0 a.m.)

PT-2025-16914 · Hitachi Vantara · Hitachi Vantara Pentaho Data Integration & Analytics

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.2.0.2, including 9.3.x and 8.3.x. Description: The product uses external input to construct a pathname that should be within a restricted directory, but it does not...

CVSS 6.8 | AI score 6.4 | EPSS 0.0035 | Exploits 0 | References 6

Amazon (added 2025/04/16 12:0 a.m.)

Medium: pcs

Issue Overview: Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This...

CVSS 6.9 | AI score 7 | EPSS 0.00699 | Exploits 0

Positive Technologies (added 2025/04/16 12:0 a.m.)

PT-2025-33358

Name of the Vulnerable Software and Affected Versions: Spring Framework MVC applications (affected versions not specified). Description: Spring Framework MVC applications can be vulnerable to a "Path Traversal Vulnerability" when deployed on a non-compliant Servlet container. This issue occurs when...

CVSS 5.9 | AI score 6.4 | EPSS 0.01916 | Exploits 1 | References 21

Trellix (added 2025/04/16 12:0 a.m.)

Closing the Security Gap: From Threat Hunting to Detection Engineering

Closing the Security Gap: From Threat Hunting to Detection Engineering. By Ilya Kolmanovich, Alejandro Houspanossian, Joe Malenfant and Tomer Shloman · April 16, 2025. In today's rapidly evolving AI-fueled threat landscape, every organization is trying to stop threats as early as possible. Threat...

AI score 5.5 | Exploits 0

Snyk (added 2025/04/15 3:19 p.m.)

Arbitrary File Read

Overview: mysql-connector-python is a MySQL driver written in Python which does not depend on MySQL C client libraries and implements the DB API v2.0 specification (PEP-249). Affected versions of this package are vulnerable to Arbitrary File Read when executing LOCAL INFILE statements due to imprope...

CVSS 5.7 | AI score 7.5 | EPSS 0.00353 | Exploits 0 | References 2

IBM Security Bulletins (added 2025/04/15 5:41 a.m.)

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary: Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix. Vulnerability Details: CVEID: CVE-2024-30172 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the Ed25519...

CVSS 7.5 | AI score 8.5 | EPSS 0.01433 | Exploits 0 | Affected Software 1

IBM Security Bulletins (added 2025/04/15 3:59 a.m.)

Security Bulletin: Multiple vulnerabilities found in IBM EntireX.

Summary: IBM EntireX has been updated in order to address multiple vulnerabilities. Vulnerability Details: CVEID: CVE-2024-56812 DESCRIPTION: IBM EntireX could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in...

CVSS 6.5 | AI score 5 | EPSS 0.00435 | Exploits 0 | Affected Software 1

IBM Security Bulletins (added 2025/04/15 3:57 a.m.)

Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary: The product includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. IBM QRadar Data Synchronization App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2024-47764 DESCRIPTION: jshttp cooki...

CVSS 8.6 | AI score 9.6 | EPSS 0.02209 | Exploits 5 | Affected Software 1

IBM Security Bulletins (added 2025/04/15 3:54 a.m.)

Security Bulletin: IBM Cognos Controller is affected by vulnerabilities

Summary: There are vulnerabilities in IBM® Java™, IBM® Websphere Application Server Liberty and Open-Source Software (OSS) components used by IBM Cognos Controller. Additionally, IBM Cognos Controller has addressed vulnerabilities that could lead to Cross-Site Scripting (XSS) (CVE-2024-28776), XML Extern...

CVSS 10 | AI score 9.9 | EPSS 0.08235 | Exploits 0 | Affected Software 1

IBM Security Bulletins (added 2025/04/15 3:54 a.m.)

Security Bulletin: IBM OpenPages fixes multiple vulnerabilities

Summary: Multiple vulnerabilities with IBM OpenPages have been addressed in the latest IBM OpenPages fixpacks for both 9.0 and 8.3 versions. Vulnerability Details: CVEID: CVE-2024-49355 DESCRIPTION: IBM OpenPages may write improperly neutralized data to server log files when the tracing is enabled p...

CVSS 8.8 | AI score 7.5 | EPSS 0.00525 | Exploits 0 | Affected Software 1

IBM Security Bulletins (added 2025/04/15 3:52 a.m.)

Security Bulletin: Vulnerability in restricted bash environment (CVE-2024-56477) affects Power HMC.

Summary: The restricted bash environment is enabled in Power Hardware Management Console (HMC). HMC has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2024-56477 DESCRIPTION: IBM Hardware Management Console - Power could allow an authenticated user to traverse directories on the syste...

CVSS 6.5 | AI score 6.4 | EPSS 0.0047 | Exploits 0 | Affected Software 1

IBM Security Bulletins (added 2025/04/15 3:45 a.m.)

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary: IBM App Connect Enterprise Certified Container (ACEcc) is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.8 LTS and 12.8.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

CVSS 9.8 | AI score 9.9 | EPSS 0.01298 | Exploits 3 | Affected Software 1

IBM Security Bulletins (added 2025/04/15 3:42 a.m.)

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in rack-2.0.7.gem

Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of rack-2.0.7.gem. Vulnerability Details: CVEID: CVE-2022-44572 DESCRIPTION: Rack is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the multipart parsing component...

CVSS 10 | AI score 8.7 | EPSS 0.35376 | Exploits 3 | Affected Software 1