
27 matches found

Trend Micro Simply Security
added 2026/06/08 12:0 a.m. · 22 views

Governing Claude Enterprise in Environments Where Inline Controls Can't Go

TrendAI™ integrates Anthropic's Claude Compliance API into TrendAI Vision One™ through two collectors that bring AI-aware visibility and detection to Claude Enterprise usage: one keeps all data inside the environment, while the other feeds TrendAI Vision One™ for deeper correlation and compliance...

5.5 AI score
Exploits 0
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-10699

Malicious code in bioql PyPI...

2.7 CVSS · 3.6 AI score · 0.00237 EPSS
Exploits 0 · References 4
The Hacker News
added 2025/05/26 11:25 a.m. · 10 views

CISO's Guide To Web Privacy Validation And Why It's Important

Are your web privacy controls protecting your users, or just a box-ticking exercise? This CISO's guide provides a practical roadmap for continuous web privacy validation that's aligned with real-world practices. – Download the full guide here. Web Privacy: From Legal Requirement to Business...

7 AI score
Exploits 0
Veracode
added 2025/04/21 3:54 a.m. · 8 views

Improper Access Control

github.com/mattermost/mattermost-server is vulnerable to Improper Access Control. The vulnerability is due to insufficient enforcement of access restrictions on the /api/v4/audits endpoint, allowing users with delegated granular administration roles to access User Activity Logs without Compliance...

2.7 CVSS · 7 AI score · 0.00237 EPSS
Exploits 0 · References 3 · Affected Software 1
Snyk
added 2025/04/10 6:32 p.m. · 2 views

Incorrect Authorization

Overview: github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative. Affected versions of this package are vulnerable to Incorrect Authorization through the /api/v4/audits endpoint. An attacker can retrieve User Activity Logs by exploiting insufficient access control...

5.1 CVSS · 6.9 AI score · 0.00237 EPSS
Exploits 0 · References 2
OSV
added 2025/04/10 6:32 p.m. · 7 views

GHSA-XFQ9-HH5X-XFQ9 Mattermost Fails to Enforce Proper Access Controls on `/api/v4/audits` Endpoint

Mattermost versions 9.11.x <= 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...

2.7 CVSS · 3.8 AI score · 0.00237 EPSS
Exploits 0 · References 4
Github Security Blog
added 2025/04/10 6:32 p.m. · 19 views

Mattermost Fails to Enforce Proper Access Controls on `/api/v4/audits` Endpoint

Mattermost versions 9.11.x <= 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...

2.7 CVSS · 3.6 AI score · 0.00237 EPSS
Exploits 0 · References 4 · Affected Software 1
NVD
added 2025/04/10 4:15 p.m. · 22 views

CVE-2025-24866

Mattermost versions 9.11.x <= 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...

2.7 CVSS · 0.00237 EPSS
Exploits 0 · References 1
OSV
added 2025/04/10 4:15 p.m. · 3 views

CVE-2025-24866

Mattermost versions 9.11.x <= 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...

2.7 CVSS · 6.9 AI score
Exploits 0 · References 1
CVE
added 2025/04/10 3:33 p.m. · 228 views

CVE-2025-24866

CVE-2025-24866 affects Mattermost server (Mattermost 9.11.x, including 9.11.8 and earlier) where the access control on the /api/v4/audits endpoint is improper. The vulnerability allows users with delegated granular administration roles who do not have access to Compliance Monitoring to retrieve U...

2.7 CVSS · 7.1 AI score · 0.00237 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2025/04/10 12:0 a.m. · 3 views

PT-2025-15996 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.8. Description: The issue is related to improper access controls on the "/api/v4/audits" endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to...

9.9 CVSS · 4.5 AI score · 0.00955 EPSS
Exploits 1 · References 38
The Hacker News
added 2025/03/20 10:0 a.m. · 15 views

Why Continuous Compliance Monitoring Is Essential For IT Managed Service Providers

Regulatory compliance is no longer just a concern for large enterprises. Small and mid-sized businesses (SMBs) are increasingly subject to strict data protection and security regulations, such as HIPAA, PCI-DSS, CMMC, GDPR, and the FTC Safeguards Rule. However, many SMBs struggle to maintain...

7.4 AI score
Exploits 0
Qualys Blog
added 2025/02/11 4:0 p.m. · 6 views

What is Cloud Scanning, and Why Does It Matter?

Cloud environments continue to experience widespread adoption because of their flexibility and dynamic nature. They empower developers to quickly deploy or modify business applications and many other core business functions. However, this very dynamism and complexity also make them difficult to...

6.7 AI score
Exploits 0
Qualys Blog
added 2024/08/15 3:0 p.m. · 12 views

HHS OIG Report Underscores Challenges of Securing the Cloud

On July 22, 2024, HHS (Health and Human Services) OIG published a report identifying a need for the Department of Health and Human Services, Office of the Secretary (HHS OS) to improve key security controls to better protect cloud information systems. The report, while focused on HHS OS, underscores...

7.7 AI score
Exploits 0
Rapid7 Blog
added 2023/12/22 4:0 p.m. · 26 views

Securely Build AI/ML Applications in the Cloud with Rapid7 InsightCloudSec

It’s been little over a year since ChatGPT was released, and oh how much has changed. Advancements in Artificial Intelligence and Machine Learning have marked a transformative era, influencing virtually every facet of our lives. These innovative technologies have reshaped the landscape of natural...

6.9 AI score
Exploits 0
Wiz blog
added 2023/09/19 2:31 p.m. · 16 views

GAO Study Reveals: Government Faces Challenges with Continuous Monitoring

Learn how government agencies can meet the GAO’s recommended cloud security best practices by establishing continuous risk and compliance monitoring in the cloud...

6.9 AI score
Exploits 0
The Hacker News
added 2023/08/07 10:30 a.m. · 31 views

Enhancing Security Operations Using Wazuh: Open Source XDR and SIEM

In today's interconnected world, evolving security solutions to meet growing demand is more critical than ever. Collaboration across multiple solutions for intelligence gathering and information sharing is indispensable. The idea of multiple-source intelligence gathering stems from the concept th...

6.7 AI score
Exploits 0
The Hacker News
added 2023/04/17 1:32 p.m. · 2 views

What's the Difference Between CSPM & SSPM?

Cloud Security Posture Management (CSPM) and SaaS Security Posture Management (SSPM) are frequently confused. The similarity of the acronyms notwithstanding, both security solutions focus on securing data in the cloud. In a world where the terms cloud and SaaS are used interchangeably, this confusion...

6.2 AI score
Exploits 0
Imperva Blog
added 2022/10/25 12:50 p.m. · 25 views

How Imperva Mitigates Security Threats in Oracle Cloud Infrastructures

Most organizations today rely on an unprecedented number of computing resources to build, deploy and scale the workflows and applications they need to succeed. They are responsible for more data than ever before, on-premises and in the cloud, which presents them with challenges they’ve never face...

0.3 AI score
Exploits 0
Imperva Blog
added 2021/07/19 3:14 p.m. · 36 views

Four features your data-centric security strategy must provide

Each year, the number of data breaches grows by 30%, underscoring the need for organizations to make data-centric security a business priority. Following the big data movement around the beginning of the 21st century, technological innovations have enabled companies to manage, store and process...

0.3 AI score
Exploits 0