364 matches found

NVD
added 2023/11/27 9:15 a.m. · 9 views

CVE-2023-47865

Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a post even if the...

CVSS 4.3 · EPSS 0.00107
Exploits: 0 · References: 1
The Hacker News
added 2023/10/31 11:21 a.m. · 39 views

PentestPad: Platform for Pentest Teams

In the ever-evolving cybersecurity landscape, the game-changers are those who adapt and innovate swiftly. Pen test solutions not only supercharge productivity but also provide a crucial layer of objectivity, ensuring efficiency and exceptional accuracy. The synergy between a skilled penetration...

AI score 6.9
Exploits: 0
Trend Micro Simply Security
added 2023/10/26 12:0 a.m. · 18 views

Strategic Tips to Optimize Cybersecurity Consolidation

Say goodbye to security silos. Organizations are eager to take advantage of cybersecurity consolidation and make their security environments more manageable. Evolving incrementally and adopting a platform that supports third-party integrations are key to reducing cybersecurity complexity...

AI score 6.9
Exploits: 0
CNNVD
added 2023/10/25 12:0 a.m. · 3 views

Fides Code Issues Vulnerabilities

Fides is an open source privacy engineering platform for managing the implementation of data privacy requests in a runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in versions of Fides prior to 2.22.1 that stems from allowing custom...

CVSS 8.2 · AI score 6.7 · EPSS 0.00107
Exploits: 0 · References: 4
MSRC
added 2023/10/12 7:0 a.m. · 17 views

Introducing the Microsoft AI Bug Bounty Program featuring the AI-powered Bing experience

Today at BlueHat we announced the new Microsoft AI bug bounty program with awards up to $15,000. This new bounty program features the AI-powered Bing experience as the first in scope product. The following products and integrations are eligible for bounty awards: AI-powered Bing experiences on...

AI score 6.9
Exploits: 0
Qualys Blog
added 2023/09/28 5:10 p.m. · 20 views

Qualys Named a Market Leader in GigaOm Radar Report for Application Security Testing

Qualys Web Application Scanning WAS has been named a leader in the GigaOm Radar Report for Application Security Testing, 2023. Web app security is critical for every organization, for attacks on this vector caused 25% of breaches, according to the Verizon 2023 Data Breach Investigations Report. T...

AI score 6.9
Exploits: 0
OSSF Malicious Packages
added 2023/09/21 1:39 a.m. · 2 views

Malicious code in @zettle-bo/integrations (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1f1d37dda5bbd9abe0b6406a408e4cc6d849f90c1602e3455ce8de0b9fc50fa1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 · References: 2
Akamai Blog
added 2023/09/14 1:0 p.m. · 13 views

PCI DSS v4: Uncovering Web Skimming Threats with Payment Integrations

...

AI score 7.1
Exploits: 0
NVD
added 2023/09/06 6:15 p.m. · 11 views

CVE-2023-41319

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows custom integrations to be uploaded as a ZIP file. This ZIP file must contain YAML...

CVSS 8.8 · AI score 8.8 · EPSS 0.00071
Exploits: 0 · References: 2
Positive Technologies
added 2023/09/06 12:0 a.m. · 3 views

PT-2023-27904 · Fides · Fides

Name of the Vulnerable Software and Affected Versions: Fides versions 2.11.0 through 2.19.0 Description: The Fides webserver API allows custom integrations to be uploaded as a ZIP file, which can contain YAML files and custom Python code. The custom code is executed in a restricted environment, b...

CVSS 8.8 · AI score 7.7 · EPSS 0.00071
Exploits: 0 · References: 8
Oracle Linux
added 2023/07/19 12:0 a.m. · 27 views

grafana security update

9.0.9-3 - resolve CVE-2023-3128 grafana: Remove Email Lookup from oauth integrations rhbz2213701 rhbz2213626...

CVSS 9.8 · AI score 7.1 · EPSS 0.01879
Exploits: 0
The Hacker News
added 2023/07/07 6:17 a.m. · 2 views

JumpCloud Resets API Keys Amid Ongoing Cybersecurity Incident

JumpCloud, a provider of cloud-based identity and access management solutions, has swiftly reacted to an ongoing cybersecurity incident that impacted some of its clients. As part of its damage control efforts, JumpCloud has reset the application programming interface API keys of all customers...

AI score 6.9
Exploits: 0
Hive Pro Threat Advisories
added 2023/07/06 11:28 a.m. · 8 views

Hive Pro Announces Release of Version 3.0.1 of Threat Exposure Management Platform

Introducing Self-Service SaaS for HivePro Uni5 Flagship Product and Enhanced Visualizations for Improved Cybersecurity Insights Milpitas, CA – 6th July 2023—Hive Pro, a pioneer in the Threat Exposure Management market, is thrilled to announce the release of version 3.0.1 of the Hive Pro: Threat...

AI score 7.3
Exploits: 0
The Hacker News
added 2023/06/22 1:15 p.m. · 2 views

Generative-AI apps & ChatGPT: Potential risks and mitigation strategies

Losing sleep over Generative-AI apps? You're not alone or wrong. According to the Astrix Security Research Group, mid size organizations already have, on average, 54 Generative-AI integrations to core systems like Slack, GitHub and Google Workspace and this number is only expected to grow. Contin...

AI score 7
Exploits: 0
Rapid7 Blog
added 2023/06/21 1:0 p.m. · 12 views

Cyber Asset Attack Surface Management 101

Understanding CAASM This article was written by Ethan Smart, Co-Founder and Chief Solution Architect, appNovi a Rapid7 integration partner. It's essential for security and IT teams to have a comprehensive view and control of their cyber assets. This is why Cyber Asset Attack Surface Management...

AI score 7.2
Exploits: 0
OpenVAS
added 2023/06/15 12:0 a.m. · 11 views

Home Assistant < 2021.1.3 Path Traversal Vulnerability

Home Assistant instances using custom integrations are prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 5.3 · AI score 5.3 · EPSS 0.27878
Exploits: 0 · References: 2
CNNVD
added 2023/06/07 12:0 a.m. · 3 views

WordPress Plugin JobSearch WP Job Board Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 8.8 · AI score 8.1 · EPSS 0.00666
Exploits: 1 · References: 4
Veracode
added 2023/05/22 9:1 a.m. · 13 views

Cross-site Scripting (XSS)

concrete5/concrete5 is vulnerable to Cross-site Scripting XSS. The vulnerability exists via the name parameter on API integrations due to lack of sanitization which allows an attacker to inject and execute malicious javascript...

CVSS 5.5 · AI score 6.6 · EPSS 0.02044
Exploits: 0 · References: 8 · Affected Software: 1
Virtuozzo
added 2023/05/10 12:0 a.m. · 15 views

Virtuozzo Hybrid Infrastructure 5.4 Update 2 (5.4.2-58)

In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover the compute services, core and object storage, integrations, monitoring and alerts. Additionally, this release delivers stability improvements and addresses issues found in previous releases. Vulnerabilit...

AI score 7
Exploits: 0
GitHub Security Blog
added 2023/04/28 3:30 p.m. · 14 views

Stored cross site scripting on API integration

Concrete CMS previously concrete5 before 9.2 is vulnerable to stored XSS on API Integrations via the name parameter...

CVSS 5.5 · AI score 6.2 · EPSS 0.02044
Exploits: 0 · References: 6 · Affected Software: 1