Lucene search
K

251 matches found

Cvelist
Cvelist
added 2025/02/19 10:58 p.m.11 views

CVE-2024-37359 Hitachi Vantara Pentaho Business Analytics Server – Server Side Request Forgery

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. CWE-918 Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0...

8.6CVSS0.00476EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:9 a.m.5 views

CVE-2024-21682

This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 all versions. Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or...

7.2CVSS6.5AI score0.00794EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2024/12/29 2:37 p.m.9 views

CVE-2024-56539

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy field-spanning write warning in mwifiexconfigscan Replace one-element array with a flexible-array member in struct mwifiexietypeswildcardssidparams to fix the following warning on a MT8173 Chromebook...

5.5CVSS6.8AI score0.00288EPSS
Exploits0References4
CVE
CVE
added 2024/11/26 6:25 p.m.97 views

CVE-2024-32965

CVE-2024-32965 concerns Lobe Chat (lobe-chat) before version 1.19.13, with an unauthenticated SSRF vulnerability. The issue allows constructing malicious requests that trigger SSRF to internal services, potentially leaking sensitive information. The weakness is tied to the proxy address and OpenA...

8.6CVSS8AI score0.23716EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/11/26 3:39 p.m.17 views

GHSA-2XCC-VM3F-M8RW @lobehub/chat Server Side Request Forgery vulnerability

Summary lobe-chat before 1.19.13 has an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. Details visit https://chat-preview.lobehub.com/ click settings - llm - openai fill the...

8.1CVSS7.7AI score0.23716EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2024/11/25 5:42 p.m.404 views

Exploit for Improper Access Control in Adobe Coldfusion

CVE-2023-26360 Vulnerability Scanner Overview CVE-2023-2...

9.8CVSS9.3AI score0.97339EPSS
Exploits13
Rapid7 Blog
Rapid7 Blog
added 2024/10/03 1:0 p.m.26 views

Modernizing Your VM Program with Rapid7 Exposure Command: A Path to Effective Continuous Threat Exposure Management

In today’s threat landscape, where cyber-attacks are increasingly sophisticated and pervasive, organizations face the daunting challenge of securing a constantly expanding attack surface. Traditional vulnerability management VM programs, while necessary, are no longer sufficient on their own. The...

7.6AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/09/16 12:0 a.m.4 views

PT-2024-8611 · D Link · D-Link Dsl6740C

Name of the Vulnerable Software and Affected Versions: D-Link DSL6740C version v6.TR069.20211230 Description: The issue is related to the display of the default WiFi password during network scanning, potentially allowing a remote attacker to perform a brute force attack. This could enable...

6.5CVSS7.4AI score0.00627EPSS
Exploits1References7
The Hacker News
The Hacker News
added 2024/09/02 1:33 p.m.51 views

RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors

Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in February 2024, the U.S. government said. The victims span various sectors, including water and wastewater, information technology, government services and...

10CVSS10AI score0.99654EPSS
Exploits117
GithubExploit
GithubExploit
added 2024/07/02 6:32 p.m.2511 views

Exploit for Race Condition in Openbsd Openssh

CVE-2024-6387 - PoC...

8.1CVSS8.8AI score0.99506EPSS
Exploits68
Malwarebytes
Malwarebytes
added 2024/03/25 3:56 p.m.27 views

Securing your home network is long, tiresome, and entirely worth it, with Carey Parker: Lock and Code S05E07

This week on the Lock and Code podcast… Few words apply as broadly to the public—yet mean as little—as “home network security.” For many, a “home network” is an amorphous thing. It exists somewhere between a router, a modem, an outlet, and whatever cable it is that plugs into the wall. But the id...

7.6AI score
Exploits0
OSV
OSV
added 2024/03/06 10:54 a.m.19 views

BIT-GHOST-2020-8134

Server-side request forgery SSRF vulnerability in Ghost CMS 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems...

8.1CVSS7.8AI score0.0122EPSS
Exploits1References2
Information Security Automation
Information Security Automation
added 2024/03/05 6:43 p.m.81 views

February 2024: Vulremi, Vuldetta, PT VM Course relaunch, PT TrendVulns digests, Ivanti, Fortinet, MSPT, Linux PW

February 2024: Vulremi, Vuldetta, PT VM Course relaunch, PT TrendVulns digests, Ivanti, Fortinet, MSPT, Linux PW. Hello everyone! In this episode, I will talk about the February updates of my open source projects, also about projects at my main job at Positive Technologies and interesting...

10CVSS9AI score0.99999EPSS
Exploits111
Malwarebytes
Malwarebytes
added 2024/02/28 7:43 p.m.35 views

Stopping a targeted attack on a Managed Service Provider (MSP) with ThreatDown MDR

In late January 2024, the ThreatDown Managed Detection and Response MDR team found and stopped a three-month long malware campaign against a Managed Service Provider MSP based in Europe. In line with our observations of attackers increasingly relying on legitimate software in their attacks, the...

7.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/02/27 12:0 a.m.27 views

MikroTik RouterOS Confused Deputy (CVE-2019-3924)

MikroTik RouterOS before 6.43.12 stable and 6.42.12 long-term is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for...

7.5CVSS7.4AI score0.15697EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2024/02/22 12:0 a.m.10 views

Atlassian Jira Service Management Assets Discovery < 6.2.1 (JSDSERVER-15067)

The version of the Atlassian Jira Service Management Assets Discovery formerly Insight Discovery app running on the host is affected by a vulnerability as referenced in the JSDSERVER-15067 advisory. - This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 all...

7.2CVSS7AI score0.00794EPSS
Exploits0References2
NVD
NVD
added 2024/02/20 6:15 p.m.31 views

CVE-2024-21682

This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 all versions. Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or...

7.2CVSS6.9AI score0.00794EPSS
Exploits0References4
Prion
Prion
added 2024/02/20 6:15 p.m.27 views

Design/Logic Flaw

This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 all versions. Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or...

5.8CVSS6.8AI score0.00794EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/02/20 6:0 p.m.33 views

CVE-2024-21682

This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 all versions. Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or...

7.2CVSS7.1AI score0.00794EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/02/20 6:0 p.m.16 views

CVE-2024-21682

This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 all versions. Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or...

7.2CVSS6.9AI score0.00794EPSS
Exploits0References4
Rows per page
Query Builder