EUVD-2024-49231

Malicious code in bioql PyPI...

CVE-2024-55952 Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability

DataEase is an open source business analytics tool. Authenticated users can remotely execute code through the backend JDBC connection. When constructing the jdbc connection string, the parameters are not filtered. Constructing the host as...

CVE-2024-8513

The QA Analytics – Web Analytics Tool with Heatmaps & Session Replay Across All Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsavepluginconfig function in all versions up to, and including, 4.1.0.0. This makes it possibl...

PT-2023-3803 · Sonicwall · Sonicwall Gms +1

Name of the Vulnerable Software and Affected Versions: SonicWall GMS versions 9.3.2-SP1 and earlier SonicWall Analytics versions 2.5.0.4-R7 and earlier Description: The issue is related to a lack of restrictions on file uploads, allowing an unauthenticated attacker to upload files to a restricted...

CVE-2023-32325

CVE-2023-32325 affects the PostHog-js library. Versions prior to 1.57.2 are vulnerable to cross-site scripting due to improper handling in the library. The issue has been patched in 1.57.2. Users should upgrade to 1.57.2 or later. If upgrading is not possible, enforce a strong Content Security Po...

Semrush: Broken validation of user Id for JWT Token

Traffic Analytics Tool TA uses JWT tokens to store user subscription information without any kind of personal information. JWT tokens are created by passing a user ID. There was an error with validation of user Id for JWT token...

Android NVIDIA Analytics Tool Sensitive Information Disclosure Vulnerability

Android is an open source operating system based on Linux. A security vulnerability in Android's NVIDIA Analytics tool allows remote attackers to exploit the vulnerability to build malicious applications that can access sensitive information...

Cisco Acquires OpenDNS for $635 Million

Cisco continues to spend on security, today announcing its intent to acquire San Francisco-based OpenDNS for $635 million. OpenDNS’ domain name system and cloud-based security services bring threat data collected from those platforms to Cisco’s security offerings. “To build on Cisco’s advanced...

Predictive Security Analytics Tool Available Free to Researchers

SAN JUAN, Puerto Rico – Dan Hubbard has lately been a regular face at a lot of big data meet-ups. He’s also often been the lone security face at these meet-ups, which are dominated by analytics, search, social media and advertising professionals. That may change soon for the CTO of DNS and securi...