Lucene search

59 matches found

Cvelist
added 2025/02/16 4:0 a.m. | 42 views

CVE-2025-1335 CmsEasy file_admin.php deleteimg_action path traversal

A vulnerability, which was classified as problematic, was found in CmsEasy 7.7.7.9. Affected is the function deleteimg_action in the library lib/admin/file_admin.php. The manipulation of the argument imgname leads to path traversal. It is possible to launch the attack remotely. The exploit has been...

5.3 CVSS | 0.00845 EPSS
Exploits: 1 | References: 4

Qualys Blog
added 2024/10/31 4:1 p.m. | 17 views

Announcing TotalCloud Attack Path, Cloud Workflow Automation, and 3-Step Simplified User Onboarding for Qualys TotalCloud CNAPP

The shift of business applications and infrastructure to the cloud has heightened the need for security teams to manage cyber risks comprehensively, ensuring visibility and control across diverse cloud environments. As organizations increasingly adopt multi-cloud environments, they often find...

7.2 AI score
Exploits: 0

Rapid7 Blog
added 2024/10/03 1:0 p.m. | 21 views

Modernizing Your VM Program with Rapid7 Exposure Command: A Path to Effective Continuous Threat Exposure Management

In today’s threat landscape, where cyber-attacks are increasingly sophisticated and pervasive, organizations face the daunting challenge of securing a constantly expanding attack surface. Traditional vulnerability management (VM) programs, while necessary, are no longer sufficient on their own. The...

7.6 AI score
Exploits: 0

Positive Technologies
added 2024/08/28 12:0 a.m. | 2 views

PT-2024-25732 · Totolink · Totolink Ac1200 Wireless Router

Name of the Vulnerable Software and Affected Versions: TOTOLINK AC1200 Wireless Router A3002R Firmware version 1.1.1-B20200824
Description: The issue is related to a Buffer Overflow vulnerability in the boa server program's CGI handling function formWlEncrypt, due to a lack of length restriction ...

9.8 CVSS | 8 AI score | 0.00938 EPSS
Exploits: 1 | References: 9

Rapid7 Blog
added 2024/08/01 1:30 p.m. | 8 views

New Cloud Risk Dashboard: Identifying Toxic Combinations to Drive Faster Remediation

Co-authored by Andrea Ruddy. Risks identified within a cloud environment compound to represent a real threat of exploitation. Our cloud risk scoring, introduced recently to insightCloudSec, focuses on these toxic combinations. Toxic combinations are attractive for bad actors who can target multipl...

7.7 AI score
Exploits: 0

Rapid7 Blog
added 2024/07/11 1:0 p.m. | 20 views

What’s New in Rapid7 Products & Services: Q2 2024 in Review

This quarter we continued to make investments that provide security professionals with a holistic, actionable view of their entire attack surface. In Q2, we focused on enhancing visualization, prioritization, and integration capabilities across our key products and services. Below we’ve highlight...

7.6 AI score
Exploits: 0

The Hacker News
added 2024/05/17 11:29 a.m. | 13 views

New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs

A new report from XM Cyber has found – among other insights – a dramatic gap between where most organizations focus their security efforts, and where the most serious threats actually reside. The new report, Navigating the Paths of Risk: The State of Exposure Management in 2024, is based on...

7.8 AI score
Exploits: 0

CVE
added 2024/04/17 10:11 p.m. | 59 views

CVE-2024-29955

Summary (CVE-2024-29955): Brocade SANnav before v2.3.1 and v2.3.0a is affected by a vulnerability where a privileged user can print the SANnav encrypted key in PostgreSQL startup logs due to insufficient protection of registration data in the PostgreSQL component. This could allow attackers with ...

5.5 CVSS | 6.5 AI score | 0.00112 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Rapid7 Blog
added 2023/12/19 4:0 p.m. | 3 views

Expanded Coverage and New Attack Path Visualizations Help Security Teams Prioritize Cloud Risk and Understand Blast Radius

Cloud environments differ in a number of ways from more traditional on-prem environments. From the immense scale and compounding complexity to the rate of change, the cloud creates a host of challenges for security teams to navigate and grapple with. By definition, anything running in the cloud h...

6.6 AI score
Exploits: 0

CISA
added 2023/07/26 12:0 p.m. | 3 views

CISA Releases Analysis of FY22 Risk and Vulnerability Assessments

CISA has released an analysis and infographic detailing the findings from the 121 Risk and Vulnerability Assessments (RVAs) conducted across multiple critical infrastructure sectors in fiscal year 2022 (FY22). The analysis details a sample attack path including tactics and steps a cyber threat actor...

7.2 AI score
Exploits: 0 | References: 5

Rapid7 Blog
added 2023/06/27 5:34 p.m. | 22 views

Uncover and Remediate Toxic Combinations with Attack Path Analysis

Particularly at enterprise scale, it’s not uncommon to have hundreds of thousands of resources running across your cloud environments at any given time. Of course, these resources aren’t running independently. In modern environments, these resources are all interconnected and in many cases...

7 AI score
Exploits: 0

Microsoft Malware Protection
added 2022/10/12 4:0 p.m. | 16 views

Introducing new Microsoft Defender for Cloud innovations to strengthen cloud-native protections

Security teams face an expanding attack surface as organizations increasingly use cloud-native services to develop, deploy, and manage applications across their multicloud and hybrid environments. Their challenge is compounded by incomplete visibility, siloed processes, and a lack of prioritized...

7.7 AI score
Exploits: 0

Microsoft Secure
added 2022/10/12 4:0 p.m. | 12 views

Introducing new Microsoft Defender for Cloud innovations to strengthen cloud-native protections

Security teams face an expanding attack surface as organizations increasingly use cloud-native services to develop, deploy, and manage applications across their multicloud and hybrid environments. Their challenge is compounded by incomplete visibility, siloed processes, and a lack of prioritized...

7.7 AI score
Exploits: 0

Wiz blog
added 2022/06/07 5:36 a.m. | 8 views

A new vision for cloud security unites builders and defenders

Our introduction of attack path analysis (APA) and Cloud Detection and Response (CDR) further enriches the context provided by our foundational Wiz Security Graph...

6.9 AI score
Exploits: 0

NVD
added 2022/03/25 7:15 p.m. | 19 views

CVE-2021-3933

An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths...

5.5 CVSS | 0.00849 EPSS
Exploits: 0 | References: 5

The Hacker News
added 2021/05/14 1:14 p.m. | 123 views

Report to Your Management with the Definitive 'Incident Response for Management' Presentation Template

Security incidents occur. It's not a matter of 'if' but of 'when.' There are security products and procedures that were implemented to optimize the IR process, so from the 'security-professional' angle, things are taken care of. However, many security pros who are doing an excellent job in handli...

7.1 AI score
Exploits: 0

ThreatPost
added 2021/04/08 2:12 p.m. | 65 views

Azure Functions Weakness Allows Privilege Escalation

A privilege-escalation vulnerability in Microsoft’s Azure Functions cloud container feature could ultimately allow a user to escape the container, according to researchers. Intezer researchers dubbed the bug “Royal Flush” after a flush-to-disk limitation that an exploit would need to evade. Flushing...

7.8 AI score
Exploits: 0 | References: 7

myhack58
added 2016/01/11 12:0 a.m. | 41 views

iOS 8.1.2 jailbreak process in detail and the associated vulnerability analysis-vulnerability warning-the black bar safety net

This paper mainly introduces: my own understanding of how the iOS 8.1.2 jailbreak tool works; the vulnerabilities used in the jailbreak process; and how each vulnerability is used. I hope this article lets everyone know about the jailbreak process, the jailbreak required...

0.9 AI score
Exploits: 0

ThreatPost
added 2014/09/30 2:10 p.m. | 10 views

Google Ups Chrome Rewards, Offers More Money For Exploits

Google is again increasing the amount of money it offers to researchers who report vulnerabilities in Chrome as part of the company’s bug bounty program. Now, researchers will be able to earn $15,000 at the high end of the scale, and Google also is offering more cash for researchers who can submi...

Exploits: 0 | References: 3