Lucene search

2474 matches found

Prion
added 2023/11/06 6:15 p.m. · 17 views

Authorization

An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals...

CVSS 4 · AI score 6.5 · EPSS 0.00373
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2023/11/06 5:30 p.m. · 34 views

CVE-2023-4700 Missing Authorization in GitLab

An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals...

CVSS 3.5 · AI score 6.7 · EPSS 0.00373
Exploits 0 · References 2

Debian CVE
added 2023/11/06 5:30 p.m. · 35 views

CVE-2023-4700

Removed by vendor...

CVSS 6.5 · AI score 6.6 · EPSS 0.00373
Exploits 0

Wiz blog
added 2023/11/06 5:00 p.m. · 14 views

Ensuring Supply Chain Security: Verify container image integrity with the Wiz Admission Controller

The Wiz admission controller simplifies supply chain security by ensuring only trusted container images can be deployed in Kubernetes environments...

AI score 7.3
Exploits 0

Positive Technologies
added 2023/11/06 12:00 a.m. · 1 view

PT-2023-30288 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 14.7 through 16.3.5; GitLab EE versions 16.4 through 16.4.1; GitLab EE versions 16.5 through 16.5.0. Description: An authorization issue affecting GitLab EE allowed a user to run jobs in protected environments, bypassing any...

CVSS 6.5 · AI score 6.5 · EPSS 0.00373
Exploits 0 · References 8

The Hacker News
added 2023/11/03 6:03 a.m. · 94 views

48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems

A new set of 48 malicious npm packages have been discovered in the npm repository with capabilities to deploy a reverse shell on compromised systems. "These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to initiate a reverse shell on package install,"...

AI score 7.1
Exploits 0

ATTACKERKB
added 2023/10/27 12:00 a.m. · 56 views

CVE-2023-46604

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to caus...

CVSS 10 · AI score 9.9 · EPSS 0.99654
In wild · Exploits 31 · References 13

BDU FSTEC
added 2023/10/27 12:00 a.m. · 6 views

The vulnerability of the Avast Premium Security antivirus protection lies in its lack of access control mechanisms within isolated environments. This allows attackers to escalate their privileges and execute arbitrary code.

The vulnerability of the Avast Premium Security antivirus protection lies in its lack of access control mechanisms in isolated environments when processing namespace objects. Exploiting this vulnerability can allow attackers to enhance their privileges and execute arbitrary code...

CVSS 7.8 · AI score 7.5 · EPSS 0.00396
Exploits 0 · References 3

Trend Micro Simply Security
added 2023/10/26 12:00 a.m. · 19 views

Strategic Tips to Optimize Cybersecurity Consolidation

Say goodbye to security silos. Organizations are eager to take advantage of cybersecurity consolidation and make their security environments more manageable. Evolving incrementally and adopting a platform that supports third-party integrations are key to reducing cybersecurity complexity...

AI score 6.9
Exploits 0

Github Security Blog
added 2023/10/25 9:30 p.m. · 41 views

Ingress nginx annotation injection causes arbitrary command execution

Issue Details: A security issue was identified in ingress-nginx where the nginx.ingress.kubernetes.io/configuration-snippet annotation on an Ingress object in the networking.k8s.io or extensions API group can be used to inject arbitrary commands, and obtain the credentials of the ingress-nginx...

CVSS 8.8 · AI score 7.4 · EPSS 0.02234
Exploits 0 · References 6 · Affected Software 1

RedHat Linux
added 2023/10/25 5:59 p.m. · 61 views

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.8.3 security and bug fix updates

Red Hat Advanced Cluster Management for Kubernetes 2.8.3 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

CVSS 7.5 · AI score 8.9 · EPSS 0.99999
Exploits 19 · References 45

CVE
added 2023/10/24 10:51 p.m. · 76 views

CVE-2023-46124

CVE-2023-46124 affects the Fides web application. Specially crafted YAML dataset/configs uploaded as a ZIP can trigger Server-Side Request Forgery, allowing a malicious user to issue arbitrary requests to internal resources (including localhost) and exfiltrate data. The root cause is inadequate v...

CVSS 8.2 · AI score 7.5 · EPSS 0.00675
Exploits 0 · References 3 · Affected Software 1

Vulnrichment
added 2023/10/24 9:59 p.m. · 12 views

CVE-2023-46126 Fides JavaScript Injection Vulnerability in Privacy Center URL

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability mak...

CVSS 3.9 · AI score 6.7 · EPSS 0.00607
Exploits 0 · References 3

OSV
added 2023/10/24 9:59 p.m. · 32 views

CVE-2023-46126 Fides JavaScript Injection Vulnerability in Privacy Center URL

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability mak...

CVSS 3.9 · AI score 5.3 · EPSS 0.00607
Exploits 0 · References 5

Positive Technologies
added 2023/10/24 12:00 a.m. · 8 views

PT-2023-6562

Name of the Vulnerable Software and Affected Versions: Intel Processors, affected versions not specified. Description: A sequence of processor instructions can lead to unexpected behavior in some Intel processors, potentially allowing an authenticated user to enable escalation of privilege, informati...

CVSS 8.8 · AI score 8 · EPSS 0.03882
Exploits 3 · References 200

ATTACKERKB
added 2023/10/20 7:15 a.m. · 4 views

CVE-2023-4274

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 0.9.89. This allows authenticated attackers with administrative privileges to delete the contents of arbitrary directories on the server, which can be a critical...

CVSS 8.7 · AI score 6.9 · EPSS 0.01219
Exploits 1 · References 4 · Affected Software 1

Prion
added 2023/10/20 7:15 a.m. · 28 views

Directory traversal

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 0.9.89. This allows authenticated attackers with administrative privileges to delete the contents of arbitrary directories on the server, which can be a critical...

CVSS 4.7 · AI score 6.3 · EPSS 0.01219
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2023/10/20 6:35 a.m. · 20 views

CVE-2023-5414 Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read

The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the showeslogs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including...

CVSS 9.1 · AI score 9.1 · EPSS 0.01031
Exploits 0 · References 3

WPVulnDB
added 2023/10/20 12:00 a.m. · 21 views

Migration, Backup, Staging – WPvivid < 0.9.90 - Admin+ Arbitrary Directory Deletion via Path Traversal

Description: The plugin is vulnerable to Directory Traversal, allowing authenticated bad actors with administrative privileges to delete the contents of arbitrary directories on the server, which can be a critical issue in shared environments...

CVSS 8.7 · AI score 6.4 · EPSS 0.01219
Exploits 1 · Affected Software 1

The Hacker News
added 2023/10/18 11:42 a.m. · 30 views

Unraveling Real-Life Attack Paths – Key Lessons Learned

In the ever-evolving landscape of cybersecurity, attackers are always searching for vulnerabilities and exploits within organizational environments. They don't just target single weaknesses; they're on the hunt for combinations of exposures and attack methods that can lead them to their desired...

AI score 7.4
Exploits 0