Lucene search
K

383 matches found

OSV
OSV
added 2024/06/25 1:46 p.m.7 views

MAL-2024-6460 Malicious code in activemodel-behavior-validator (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0References1
NVD
NVD
added 2024/06/18 9:15 p.m.68 views

CVE-2024-6129

A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to launch the attack...

6.3CVSS0.00605EPSS
Exploits1References4
NVD
NVD
added 2024/06/18 9:15 p.m.35 views

CVE-2024-6128

A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipulation of the argument quantity with the input -10 leads to enforcement of behavioral workflow. T...

6.9CVSS0.00537EPSS
Exploits1References4
CVE
CVE
added 2024/06/18 9:0 p.m.53 views

CVE-2024-6129

CVE-2024-6129 affects spa-cartcms 1.9.0.6, specifically the Username Handler component’s /login function where manipulating the email argument causes observable behavior differences. All connected sources confirm remote exposure with high attack complexity and a disclosed exploit; exploitation st...

6.3CVSS4.2AI score0.00605EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/18 9:0 p.m.13 views

CVE-2024-6129 spa-cartcms Username login observable behavioral discrepancy

A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to launch the attack...

6.3CVSS7.1AI score0.00605EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/06/18 9:0 p.m.16 views

CVE-2024-6128 spa-cartcms Checkout Page checkout behavioral workflow

A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipulation of the argument quantity with the input -10 leads to enforcement of behavioral workflow. T...

6.9CVSS6.9AI score0.00537EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/06/18 9:0 p.m.32 views

CVE-2024-6128 spa-cartcms Checkout Page checkout behavioral workflow

A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipulation of the argument quantity with the input -10 leads to enforcement of behavioral workflow. T...

6.9CVSS0.00537EPSS
Exploits1References4
CVE
CVE
added 2024/06/18 9:0 p.m.60 views

CVE-2024-6128

Spa-Cartcms (spa-cartcms) v1.9.0.6 Checkout Page has a vulnerability in the /checkout processing where manipulating the quantity argument with -10 enforces a behavioral workflow. The issue is remotely triggerable and publicly disclosed. The PT-2024-37404 entry provides concrete details and recomm...

6.9CVSS5.4AI score0.00537EPSS
Exploits1References4Affected Software1
Rapid7 Blog
Rapid7 Blog
added 2024/05/13 3:6 p.m.23 views

Rapid7 Recognized in the 2024 Gartner® Magic Quadrant™ for SIEM

Command Your Attack Surface with a next-gen SIEM built for the Cloud First Era Rapid7 is excited to share that we are named a Challenger for InsightIDR in the 2024 Gartner Magic Quadrant for SIEM. In a crowded and constantly changing space, this is our sixth time to be recognized in the report...

7.3AI score
Exploits0
HackRead
HackRead
added 2024/04/21 12:37 p.m.47 views

Androxgh0st Malware Compromises Servers Worldwide for Botnet Attack

By Deeba Ahmed Veriti Research exposes surge in Androxgh0st attacks, exploiting CVEs and building botnets for credential theft. Patch systems, monitor for web shells, and use behavioral analysis to protect yourself. This is a post from HackRead.com Read the original post: Androxgh0st Malware...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/03/27 3:24 p.m.35 views

Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite

Indian government entities and energy companies have been targeted by unknown threat actors with an aim to deliver a modified version of an open-source information stealer malware called HackBrowserData and exfiltrate sensitive information in some cases by using Slack as command-and-control C2...

7.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2024/02/28 7:9 p.m.22 views

Navigating the Waters of Generative AI

Part I: The Good and the Bad of AI Few would argue that 2023 was the year AI, specifically generative AI Gen AI like ChatGPT, was discussed everywhere. In October, Forrester published a report about how security tools will leverage AI. The findings in that report showed that Gen AI would augment...

7.4AI score
Exploits0
HackRead
HackRead
added 2024/02/13 2:25 p.m.7 views

Beyond the Charts -The Human Factor in Cybersecurity and Financial Decisions

By Owais Sultan Beneath the surface of those analytical gear lies a crucial element that regularly shapes the future of investments… This is a post from HackRead.com Read the original post: Beyond the Charts -The Human Factor in Cybersecurity and Financial Decisions...

7.3AI score
Exploits0
Wallarm Lab
Wallarm Lab
added 2024/02/02 3:42 p.m.24 views

Wallarm’s Crusade Against Rising Credential Stuffing Threats

Credential Stuffing, a vital yet often overlooked aspect of cybersecurity, needs to be addressed with urgency. An alarmingly large segment of the population engages in the risky habit of using the same password for various accounts. This behavior parallels the risk of using a universal key for...

7.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/01/26 12:9 p.m.17 views

Chatbots and Human Conversation

For most of history, communicating with a computer has not been like communicating with a person. In their earliest years, computers required carefully constructed instructions, delivered through punch cards; then came a command-line interface, followed by menus and options and text boxes. If you...

6.9AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2023/11/22 9:15 a.m.6 views

CVE-2023-5921

Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass. This issue affects Geodi: before 8.0.0.27396...

7.1CVSS5.8AI score0.00248EPSS
Exploits0References3
OSV
OSV
added 2023/11/22 9:15 a.m.4 views

CVE-2023-5921

Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass.This issue affects Geodi: before 8.0.0.27396...

7.1CVSS5.8AI score0.00248EPSS
Exploits0References1
CVE
CVE
added 2023/11/22 9:3 a.m.49 views

CVE-2023-5921

CVE-2023-5921 affects DECE Software Geodi prior to version 8.0.0.27396. The issue is described as an improper enforcement of behavioral workflow that allows a functionality bypass . The material explicitly ties this to Geodi and a version boundary; no exploit details are provided. The recommended...

7.1CVSS7.1AI score0.00248EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/11/22 9:3 a.m.28 views

CVE-2023-5921 Function Bypass in Geodi

Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass. This issue affects Geodi: before 8.0.0.27396...

7.1CVSS7.2AI score0.00248EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/11/22 12:0 a.m.2 views

DECE Software Geodi Security Vulnerability

DECE Software Geodi is DECE Software's semantic search, GIS and discovery platform based on artificial intelligence and natural language processing. A security vulnerability exists in DECE Software Geodi versions prior to 8.0.0.27396 that stems from the presence of a behavioral workflow execution...

7.1CVSS6.9AI score0.00248EPSS
Exploits0References2
Rows per page
Query Builder