Lucene search
K

75 matches found

EUVD
EUVD
added 2026/03/10 6:46 p.m.7 views

EUVD-2026-10789

MCP Atlassian is a Model Context Protocol MCP server for Atlassian products Confluence and Jira. Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL b...

8.2CVSS5.9AI score0.14958EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.3 views

PT-2026-24620

Summary An unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL by supplying two custom HTTP headers without an Authorization header. No authentication is required. The...

8.2CVSS6.1AI score
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/01/17 12:0 a.m.4 views

Hybrid IDS Using Signature-Based and Anomaly-Based Detection

Intrusion detection systems IDS are essential for protecting computer systems and networks against a wide range of cyber threats that continue to evolve over time. IDS are commonly categorized into two main types, each with its own strengths and limitations, such as difficulty in detecting...

5.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/18 1:44 p.m.3 views

CVE-2025-67793

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 through 24.2., and 25.1 before 25.1.6. Users with the "Manage roles and permissions" privilege can promote themselves or other DOC users to the Supervisor role through an API call. This privilege is included by default in the...

9.8CVSS6.7AI score0.00268EPSS
Exploits0References1
OSV
OSV
added 2025/12/17 9:16 p.m.3 views

CVE-2025-67793

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 through 24.2., and 25.1 before 25.1.6. Users with the "Manage roles and permissions" privilege can promote themselves or other DOC users to the Supervisor role through an API call. This privilege is included by default in the...

9.8CVSS5.8AI score0.00268EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.6 views

PT-2025-51919

Name of the Vulnerable Software and Affected Versions DriveLock versions 24.1 through 24.1. DriveLock versions 24.2 through 24.2. DriveLock versions 25.1 through 25.1.5 Description A flaw exists in DriveLock where users possessing the "Manage roles and permissions" privilege can elevate their own...

9.8CVSS6.5AI score0.00268EPSS
Exploits0References5
CVE
CVE
added 2025/12/17 12:0 a.m.11 views

CVE-2025-67793

DriveLock vulnerable to privilege escalation where users with the "Manage roles and permissions" privilege can promote themselves or other DOC users to the Supervisor role via an API call. Affected versions include 24.1 through 24.1., 24.2 through 24.2. , and 25.1 before 25.1.6. The issue is stat...

9.8CVSS6.4AI score0.00268EPSS
Exploits0References1Affected Software1
Trend Micro Simply Security
Trend Micro Simply Security
added 2025/12/04 12:0 a.m.7 views

Project View: A New Era of Prioritized and Actionable Cloud Security

In today's cloud-first world, security teams face an overwhelming flood of alerts, fragmented visibility, and reactive workflows. The complexity of modern cloud environments—spanning multi-cloud deployments, ephemeral assets, and decentralized ownership—demands a new approach to risk management...

6.8AI score
Exploits0
Cvelist
Cvelist
added 2025/12/01 8:29 p.m.11 views

CVE-2025-66206 Frappe vulnerable to a path traversal allowing reading certain files

Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, certain requests were vulnerable to path traversal attacks, wherein some files from the server could be retrieved if the full path was known. Sites hosted on Frappe Cloud, and even other setups that are behind a rever...

6.8CVSS0.00298EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/10/17 12:0 a.m.4 views

Towards a Blockchain-Based CI/CD Framework to Enhance Security in Cloud Environments

Security is becoming a pivotal point in cloud platforms. Several divisions, such as business organisations, health care, government, etc., have experienced cyber-attacks on their infrastructures. This research focuses on security issues within Continuous Integration and Deployment CI/CD pipelines...

8.2AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-30276

Malicious code in bioql PyPI...

9.3CVSS6.6AI score0.00813EPSS
Exploits0References8
NVD
NVD
added 2025/09/29 9:15 p.m.5 views

CVE-2025-34220

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 VA/SaaS deployments contains a /api-gateway/identity/search-groups endpoint that does not require authentication. Requests to...

6.9CVSS0.0065EPSS
Exploits1References4
CVE
CVE
added 2025/09/29 8:39 p.m.27 views

CVE-2025-34225

Vasion Print (PrinterLogic) Virtual Appliance Host before 25.1.102 and Application before 25.1.1413 suffer SSRF via an unauthenticated console_release directory. Dozens of PHP scripts build URLs from user-controlled input and invoke curl_exec() or file_get_contents() without sufficient validation...

8.8CVSS6.7AI score0.00764EPSS
Exploits1References4Affected Software2
Positive Technologies
Positive Technologies
added 2025/09/29 12:0 a.m.4 views

PT-2025-39885

Name of the Vulnerable Software and Affected Versions Vasion Print versions prior to 25.1.102 Vasion Print Application versions prior to 25.1.1413 Description The /api-gateway/identity/search-groups API endpoint does not require authentication. An unauthenticated remote attacker can enumerate eve...

6.9CVSS6.7AI score0.0065EPSS
Exploits1References8
OSV
OSV
added 2025/09/12 5:37 p.m.3 views

CVE-2025-58434 Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5 and earlier, the forgot-password endpoint in Flowise returns sensitive information including a valid password reset tempToken without authentication or verification. This enables any attacker...

9.8CVSS7.1AI score0.50118EPSS
Exploits14References4
Cvelist
Cvelist
added 2025/09/12 5:37 p.m.29 views

CVE-2025-58434 Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5 and earlier, the forgot-password endpoint in Flowise returns sensitive information including a valid password reset tempToken without authentication or verification. This enables any attacker...

9.8CVSS0.50118EPSS
Exploits14References2
OSV
OSV
added 2025/09/10 6:49 p.m.5 views

CVE-2025-59049 Mockoon has a Path Traversal and LFI in the static file serving endpoint

Mockoon provides way to design and run mock APIs. Prior to version 9.2.0, a mock API configuration for static file serving follows the same approach presented in the documentation page, where the server filename is generated via templating features from user input is vulnerable to Path Traversal...

7.5CVSS8.9AI score0.0166EPSS
Exploits0References6
Wallarm Lab
Wallarm Lab
added 2025/09/08 11:0 a.m.7 views

The API Security Dilemma: Why Traditional Approaches Are Failing in the AI Era

Throughout the past few years, APIs have become the backbone of digital infrastructure. They enable software-to-software communication, improve integration and interoperability, support modular architecture, and more. But as API use has exploded, so has API traffic volume and complexity, making...

7.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/26 12:0 a.m.19 views

Adversarial Threats in Quantum Machine Learning: a Survey of Attacks and Defenses

Quantum Machine Learning QML integrates quantum computing with classical machine learning, primarily to solve classification, regression and generative tasks. However, its rapid development raises critical security challenges in the Noisy Intermediate-Scale Quantum NISQ era. This chapter examines...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2025/06/04 4:18 p.m.28 views

CVE-2025-20286 ISE on AWS Static Credential

A vulnerability in Amazon Web Services AWS, Microsoft Azure, and Oracle Cloud Infrastructure OCI cloud deployments of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configuration...

9.9CVSS0.01046EPSS
Exploits0References1
Rows per page
Query Builder