40449 matches found

Packet Storm News
added 2025/05/24 12:00 a.m., 4 views

Securing Credit Inquiries: the Role of Real-Time User Approval in Preventing SSN Identity Theft

Unauthorized credit inquiries are also a central entry point for identity theft, with Social Security Numbers (SSNs) being widely utilized in fraudulent cases. Traditional credit inquiry systems do not usually possess strict user authentication, making them vulnerable to unauthorized access. This...

AI score 6.9
Exploits: 0

OSV
added 2025/05/23 2:00 p.m., 3 views

OESA-2025-1553 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Erlang/OTP is a set of libraries for the Erlang...

CVSS 3.7, AI score 6.8, EPSS 0.00442
Exploits: 0, References: 2

RedhatCVE
added 2025/05/23 12:00 p.m., 8 views

CVE-2025-24369

Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge, formulates any nonce suc...

CVSS 2.3, AI score 6.8, EPSS 0.004
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 11:59 a.m., 6 views

CVE-2025-24108

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.3. An app may be able to access protected user data...

CVSS 5.5, AI score 6, EPSS 0.00243
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 11:57 a.m., 6 views

CVE-2025-0575

A vulnerability has been found in Union Bank of India Vyom 8.0.34 on Android and classified as problematic. This vulnerability affects unknown code of the component Rooting Detection. The manipulation leads to protection mechanism failure. The attack needs to be approached locally. The complexity...

CVSS 3.9, AI score 6.8, EPSS 0.00164
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 11:40 a.m., 6 views

CVE-2025-24092

This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to read sensitive location information...

CVSS 5.5, AI score 5.6, EPSS 0.00249
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 11:39 a.m., 5 views

CVE-2025-24398

Jenkins Bitbucket Server Integration Plugin 2.1.0 through 4.1.3 (both inclusive) allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins...

CVSS 8.8, AI score 6.7, EPSS 0.00285
Exploits: 0, References: 1

Schneier on Security
added 2025/05/23 11:02 a.m., 11 views

Signal Blocks Windows Recall

This article gives a good rundown of the security risks of Windows Recall, and the repurposed copyright protection tool that Signal used to block the AI feature from scraping Signal data...

AI score 7.3
Exploits: 0

RedhatCVE
added 2025/05/23 10:47 a.m., 5 views

CVE-2024-49396

The affected product is vulnerable due to insufficiently protected credentials, which may allow an attacker to impersonate Elvaco and send false information...

CVSS 8.7, AI score 6.8, EPSS 0.00371
Exploits: 0

RedhatCVE
added 2025/05/23 10:39 a.m., 17 views

CVE-2024-47654

This vulnerability exists in Shilpi Client Dashboard due to lack of rate limiting and Captcha protection for OTP requests in certain API endpoints. An unauthenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through vulnerable API endpoints, which could lead...

CVSS 7.5, AI score 7.1, EPSS 0.00472
Exploits: 0

RedhatCVE
added 2025/05/23 10:36 a.m., 13 views

CVE-2024-47082

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable ...

CVSS 8, AI score 7, EPSS 0.00223
Exploits: 0

RedhatCVE
added 2025/05/23 10:32 a.m., 4 views

CVE-2024-21483

A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC 7KM3120-0BA01-1DA0 All versions = V3.2.3 = V3.2.3 = V3.2.3 = V3.2.3 V3.2.4 only when manufactured between LQN231003... and LQN231215... with LQNYYMMDD.... The read out protection of the internal flash of affected devices was not...

CVSS 5.1, AI score 6.4, EPSS 0.00223
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 10:30 a.m., 9 views

CVE-2024-0881

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to rea...

CVSS 5.4, AI score 6.9, EPSS 0.16906
Exploits: 2, References: 1

The Hacker News
added 2025/05/23 10:30 a.m., 70 views

SafeLine WAF: Open Source Web Application Firewall with Zero-Day Detection and Bot Protection

From zero-day exploits to large-scale bot attacks — the demand for a powerful, self-hosted, and user-friendly web application security solution has never been greater. SafeLine is currently the most starred open-source Web Application Firewall (WAF) on GitHub, with over 16.4K stars and a rapidly...

AI score 7.5
Exploits: 0

RedhatCVE
added 2025/05/23 10:28 a.m., 10 views

CVE-2024-45448

Page table protection configuration vulnerability in the trusted firmware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 5.5, AI score 7, EPSS 0.00099
Exploits: 0

RedhatCVE
added 2025/05/23 10:28 a.m., 10 views

CVE-2024-6348

Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima 2022 allows attackers to predict the requested seeds and bypass security controls via repeated ECU resets and seed requests...

CVSS 7.5, AI score 7, EPSS 0.0041
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 10:21 a.m., 9 views

CVE-2024-33883

The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection...

CVSS 4, AI score 4.2, EPSS 0.00614
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 10:13 a.m., 10 views

CVE-2024-5616

A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and including 2.15.0, which allows attackers to trick victims into deleting installed models. By crafting a malicious HTML page, an attacker can cause the deletion of a model, such as 'gpt-4-vision-preview',...

CVSS 4.3, AI score 6.8, EPSS 0.00242
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 10:06 a.m., 7 views

CVE-2024-1526

The Hubbub Lite WordPress plugin before 1.33.1 does not ensure that the user has access to a password protected post before displaying its content in a meta tag...

CVSS 5.3, AI score 6.8, EPSS 0.00516
Exploits: 2, References: 1

RedhatCVE
added 2025/05/23 10:00 a.m., 4 views

CVE-2024-23275

A race condition was addressed with additional validation. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to access protected user data...

CVSS 4.7, AI score 6.6, EPSS 0.00171
Exploits: 0, References: 1