67 matches found

Rapid7 Blog
added 2025/02/25 1:51 p.m. · 10 views

Command Platform Innovations Eliminate Data Blind Spots Through Complete Visibility and Context-Driven Risk Prioritization

Rapid7 provides unmatched attack surface visibility through the Command Platform, helping security teams identify, prioritize, and remediate risk across hybrid environments. Surface Command is the only solution available that combines native external and internal scanning into a single unified vi...

AI score 6.9
Exploits: 0
Positive Technologies
added 2025/01/06 12:0 a.m. · 3 views

PT-2025-1194 · IBM · IBM Concert

Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.0.3 Description: The issue is related to the failure to properly enable HTTP Strict Transport Security, which could allow a remote attacker to obtain sensitive information using man-in-the-middle...

CVSS 5.9 · AI score 5.6 · EPSS 0.00256
Exploits: 0 · References: 7
BDU FSTEC
added 2024/11/20 12:0 a.m. · 7 views

The vulnerability of the OIDC protocol implementation in the IT service management tool Ivanti Neurons for ITSM allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the OpenID Connect (OIDC) implementation of the IT service management tool Ivanti Neurons for ITSM is related to insufficient protection of sensitive data. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

CVSS 10 · AI score 7.7 · EPSS 0.01639
Exploits: 0 · References: 4 · Affected Software: 1
CISA
added 2024/11/12 12:0 p.m. · 5 views

CISA, FBI, NSA, and International Partners Release Joint Advisory on 2023 Top Routinely Exploited Vulnerabilities

Today, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), National Security Agency (NSA), and international partners released joint Cybersecurity Advisory, 2023 Top Routinely Exploited Vulnerabilities. This advisory supplies details on the top Common...

AI score 7.2
Exploits: 0 · References: 2
The Hacker News
added 2024/08/26 10:31 a.m. · 20 views

Unpacking Slack Hacks: 6 Ways to Protect Sensitive Data with Secure Collaboration

Nowadays, sensitive and critical data is traveling in everyday business channels that offer only the basic level of security and encryption, and companies are often oblivious to the risk. A case in point: Disney suffered a devastating data leak by a hacktivist group known as NullBulge that got ho...

AI score 7.3
Exploits: 0
BDU FSTEC
added 2024/07/17 12:0 a.m. · 7 views

The vulnerability of the input/output device management component of the IOHIDFamily in operating systems such as iPadOS and iOS, as well as macOS, allows attackers to disclose protected information.

The vulnerability of the input/output device management component of the IOHIDFamily in iPadOS, iOS, and macOS is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow attackers to disclose protected information...

CVSS 3.3 · AI score 7.5 · EPSS 0.00237
Exploits: 0 · References: 10 · Affected Software: 3
BDU FSTEC
added 2024/03/22 12:0 a.m. · 4 views

The vulnerability of the Windows operating system’s kernel allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Windows operating system’s kernel is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

CVSS 5.5 · AI score 6.6 · EPSS 0.0113
Exploits: 0 · References: 3
BDU FSTEC
added 2023/11/17 12:0 a.m. · 6 views

The vulnerability of the Hyper-V hardware virtualization system for Windows operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Hyper-V hardware virtualization technology for Windows operating systems is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

CVSS 5.5 · AI score 6.6 · EPSS 0.00754
Exploits: 0 · References: 3
Positive Technologies
added 2023/10/25 12:0 a.m. · 2 views

PT-2023-20749 · Idweb · Idweb

Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue concerns an unauthenticated SQL injection in the GetExcursionDetails method. This allows unauthenticated attackers to extract or modify all data. Recommendations: For...

CVSS 9.8 · AI score 9.4 · EPSS 0.00556
Exploits: 0 · References: 3
BDU FSTEC
added 2023/10/17 12:0 a.m. · 3 views

The vulnerability of software platforms for developing and managing Magento Open Source and Adobe Commerce online stores lies in the insufficient protection of sensitive data. This allows attackers to gain unauthorized access to protected information or cause service failures.

The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce online stores is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or cause...

CVSS 7.6 · AI score 5.6 · EPSS 0.00675
Exploits: 0 · References: 3 · Affected Software: 2
BDU FSTEC
added 2023/10/03 12:0 a.m. · 5 views

The vulnerability of Zoom’s video conferencing software lies in the insufficient protection of sensitive data, allowing attackers to gain unauthorized access to protected information.

The vulnerability of Zoom’s video conferencing software is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

CVSS 8.5 · AI score 7.4 · EPSS 0.00808
Exploits: 0 · References: 3 · Affected Software: 3
BDU FSTEC
added 2023/09/29 12:0 a.m. · 8 views

The vulnerability of the keyinstall component in MediaTek’s microprogramming software allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the keyinstall component in MediaTek’s microprogramming software is related to insufficient protection of sensitive data due to incorrect validation of input data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...

CVSS 4.6 · AI score 5.5 · EPSS 0.00104
Exploits: 0 · References: 4
OSV
added 2023/05/10 5:55 p.m. · 5 views

SUSE-SU-2023:2164-1 Security update for cloud-init

This update for cloud-init contains the following fixes: - CVE-2021-3429: Do not write the generated password to the log file. bsc1184758 - CVE-2023-1786: Do not expose sensitive data gathered from the CSP. bsc1210277 Other fixes: - Change log file creation mode to 640. bsc1183939 - Write proper...

CVSS 5.5 · AI score 5.5 · EPSS 0.00263
Exploits: 0 · References: 8
BDU FSTEC
added 2023/04/03 12:0 a.m. · 8 views

The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird on Windows operating systems is related to insufficient protection of sensitive data. This vulnerability allows attackers to compromise the confidentiality and integrity of protected information.

The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird on Windows operating systems is related to insufficient protection of sensitive data during the processing of save requests through the “Save As” dialog box. Exploiting this vulnerability can allow an attacker to...

CVSS 6.4 · AI score 6.7 · EPSS 0.00798
Exploits: 0 · References: 11 · Affected Software: 4
Microsoft Malware Protection
added 2023/03/22 4:0 p.m. · 26 views

Microsoft recognized as a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023

Organizations need to protect their sensitive data including intellectual property, trade secrets, customer data, and personally identifiable information from both insiders and external cyber attackers. In fact, 80 percent of organizations experience more than one data breach in their lifetime...

AI score 6.5
Exploits: 0
BDU FSTEC
added 2023/02/10 12:0 a.m. · 7 views

The vulnerability of the MySQL Connector/J component of the Apache Linkis application connection, management, and orchestration software allows a hacker to gain read access to arbitrary files.

The vulnerability of the MySQL Connector/J component of the Apache Linkis application programming interface, which involves connection management and orchestration, stems from insufficient protection of sensitive data when processing the AllowLoadLocalInfile parameter with a value of true...

CVSS 6.8 · AI score 6.7 · EPSS 0.01161
Exploits: 0 · References: 7 · Affected Software: 1
BDU FSTEC
added 2023/01/30 12:0 a.m. · 5 views

The vulnerability of the Point-to-Point Protocol (PPP) implementation in Windows operating systems allows an intruder to gain unauthorized access to protected information.

The vulnerability of the Point-to-Point Protocol (PPP) implementation in Windows operating systems is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

CVSS 5.3 · AI score 6.5 · EPSS 0.01374
Exploits: 0 · References: 2
Microsoft Secure
added 2022/12/13 5:0 p.m. · 22 views

4 things to look for in a multicloud data protection solution

What does it mean to be a multicloud organization? As the name implies, the term describes a model of cloud computing where an organization uses multiple clouds—two or more public clouds, private clouds, or a combination of public, private, and edge clouds—to distribute applications and services...

Exploits: 0
Vulnrichment
added 2022/12/12 1:49 a.m. · 8 views

CVE-2022-43515 X-Forwarded-For header is active by default causes access to Zabbix sites in maintenance mode

Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being...

CVSS 5.3 · AI score 6.9 · EPSS 0.01207
Exploits: 1 · References: 2
OSV
added 2022/12/05 7:15 p.m. · 9 views

CVE-2022-43515

Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being...

CVSS 9.8 · AI score 9.3
Exploits: 0 · References: 3