251 matches found
CVE-2024-37359 Hitachi Vantara Pentaho Business Analytics Server – Server Side Request Forgery
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. CWE-918 Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0...
CVE-2024-21682
This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 all versions. Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or...
CVE-2024-56539
In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy field-spanning write warning in mwifiexconfigscan Replace one-element array with a flexible-array member in struct mwifiexietypeswildcardssidparams to fix the following warning on a MT8173 Chromebook...
CVE-2024-32965
CVE-2024-32965 concerns Lobe Chat (lobe-chat) before version 1.19.13, with an unauthenticated SSRF vulnerability. The issue allows constructing malicious requests that trigger SSRF to internal services, potentially leaking sensitive information. The weakness is tied to the proxy address and OpenA...
GHSA-2XCC-VM3F-M8RW @lobehub/chat Server Side Request Forgery vulnerability
Summary lobe-chat before 1.19.13 has an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. Details visit https://chat-preview.lobehub.com/ click settings - llm - openai fill the...
Exploit for Improper Access Control in Adobe Coldfusion
CVE-2023-26360 Vulnerability Scanner Overview CVE-2023-2...
Modernizing Your VM Program with Rapid7 Exposure Command: A Path to Effective Continuous Threat Exposure Management
In today’s threat landscape, where cyber-attacks are increasingly sophisticated and pervasive, organizations face the daunting challenge of securing a constantly expanding attack surface. Traditional vulnerability management VM programs, while necessary, are no longer sufficient on their own. The...
PT-2024-8611 · D Link · D-Link Dsl6740C
Name of the Vulnerable Software and Affected Versions: D-Link DSL6740C version v6.TR069.20211230 Description: The issue is related to the display of the default WiFi password during network scanning, potentially allowing a remote attacker to perform a brute force attack. This could enable...
RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors
Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in February 2024, the U.S. government said. The victims span various sectors, including water and wastewater, information technology, government services and...
Exploit for Race Condition in Openbsd Openssh
CVE-2024-6387 - PoC...
Securing your home network is long, tiresome, and entirely worth it, with Carey Parker: Lock and Code S05E07
This week on the Lock and Code podcast… Few words apply as broadly to the public—yet mean as little—as “home network security.” For many, a “home network” is an amorphous thing. It exists somewhere between a router, a modem, an outlet, and whatever cable it is that plugs into the wall. But the id...
BIT-GHOST-2020-8134
Server-side request forgery SSRF vulnerability in Ghost CMS 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems...
February 2024: Vulremi, Vuldetta, PT VM Course relaunch, PT TrendVulns digests, Ivanti, Fortinet, MSPT, Linux PW
February 2024: Vulremi, Vuldetta, PT VM Course relaunch, PT TrendVulns digests, Ivanti, Fortinet, MSPT, Linux PW. Hello everyone! In this episode, I will talk about the February updates of my open source projects, also about projects at my main job at Positive Technologies and interesting...
Stopping a targeted attack on a Managed Service Provider (MSP) with ThreatDown MDR
In late January 2024, the ThreatDown Managed Detection and Response MDR team found and stopped a three-month long malware campaign against a Managed Service Provider MSP based in Europe. In line with our observations of attackers increasingly relying on legitimate software in their attacks, the...
MikroTik RouterOS Confused Deputy (CVE-2019-3924)
MikroTik RouterOS before 6.43.12 stable and 6.42.12 long-term is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for...
Atlassian Jira Service Management Assets Discovery < 6.2.1 (JSDSERVER-15067)
The version of the Atlassian Jira Service Management Assets Discovery formerly Insight Discovery app running on the host is affected by a vulnerability as referenced in the JSDSERVER-15067 advisory. - This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 all...
CVE-2024-21682
This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 all versions. Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or...
Design/Logic Flaw
This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 all versions. Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or...
CVE-2024-21682
This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 all versions. Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or...
CVE-2024-21682
This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 all versions. Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or...