Takeaways From The Take Command Summit: Navigating Modern SOC Challenges

At our recent Take Command summit, experts delved into the pressing challenges faced by SOC teams. With 2,365 more data breaches in 2023 than in 2022 74% of which were a direct result of cyber attacks, the need for robust security operations has never been greater. Key takeaways from the 25 minut...

CVE-2024-6099

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up to, and including, 4.2.6.8.1. This is due to missing checks in the 'checkvalidatefields' function in the checkout. This makes it possible for unauthenticated...

The vulnerability of the Zenml framework for creating machine learning pipelines, related to the incorrect validity period of a session, allows attackers to bypass the authentication process.

The vulnerability of the Zenml machine learning pipeline creation framework is related to an incorrect session duration. Exploiting this vulnerability can allow a malicious actor to bypass the authentication process...

Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks

Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques. The vulnerability, tracked as CVE-2024-5565 CVSS score: 8.1, relates to a case of prompt injection...

[SECURITY] Fedora 40 Update: moodle-4.3.5-1.fc40

Moodle is a course management system CMS - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities...

[SECURITY] Fedora 39 Update: moodle-4.3.5-1.fc39

Moodle is a course management system CMS - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities...

Fedora: Security Advisory (FEDORA-2024-020937763e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Malicious code in tensor-processor-learning (PyPI)

--- -= Per source details. Do not edit below this line.=-...

Number withdrawn

ZenML is an extensible open source MLOps framework for creating portable, production-ready machine learning pipelines. This CVE number has been withdrawn...

WordPress Academy LMS plugin <= 2.0.10 - Open Redirection vulnerability

Open Redirection vulnerability discovered by Mochamad Sofyan Patchstack Alliance in WordPress Plugin Academy LMS versions = 2.0.10...

edu-sharing Permission and Access Control Issues Vulnerability

edu-sharing is an open source e-learning integration solution from edu-sharing, Inc. A security vulnerability exists in edu-sharing that stems from allowing the upload of arbitrary files...

CVE-2024-37902

Summary: CVE-2024-37902 affects the Java DeepJavaLibrary (DJL) up to version 0.27.0. The root cause is an absolute-path handling flaw in archived artifacts that can insert files directly into the system and overwrite system files. The issue is fixed in DJL v0.28.0 and also patched in the DJL Larg...

CVE-2024-37902 Path thraversal in DeepJavaLibrary

DeepJavaLibraryDJL is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model...

CVE-2024-37840

SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID parameter...

CVE-2024-37840

SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID parameter...

Mitigating SSRF Vulnerabilities Impacting Azure Machine Learning

Summary On May 9, 2024, Microsoft successfully addressed multiple vulnerabilities within the Azure Machine Learning AML service, which were initially discovered by security research firms Wiz and Tenable. These vulnerabilities, which included Server-Side Request Forgeries SSRF and a path traversa...

itsourcecode Learning Management System Security Vulnerability

itsourcecode Learning Management System is a learning management system from itsourcecode, Inc. A security vulnerability exists in itsourcecode Learning Management System v1.0, which stems from an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands via the...

CVE-2024-37840

SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID parameter...

PT-2024-27776 · Unknown · Itsourcode Learning Management System

Name of the Vulnerable Software and Affected Versions: Itsourcecode Learning Management System Project In PHP With Source Code version 1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the LessonID parameter in the processscore.php file...

The vulnerability of the ML lifecycle management platform, which stems from the lack of measures taken to protect the website structure, allows attackers to carry out cross-site scripting attacks.

The vulnerability of the MLflow model lifecycle management platform exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...