CVE-2024-20340
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability,...
PT-2024-9445 · Cisco · Cisco Secure Firewall Management Center
Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Management Center (formerly Cisco Firepower Management Center), versions not specified. Description: The issue is related to insufficient validation of user-supplied input, allowing an authenticated, remote attacker to perfo...
5 Techniques for Collecting Cyber Threat Intelligence
To defend your organization against cyber threats, you need a clear picture of the current threat landscape. This means constantly expanding your knowledge about new and ongoing threats. There are many techniques analysts can use to collect crucial cyber threat intelligence. Let's consider five...
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-2496)
The remote host is missing an update for Huawei EulerOS. (Advisory text: 2024 Greenbone AG; some text descriptions may be excerpted from referenced sources and are copyright of the respective right holders. SPDX-License-Identifier: GPL-2.0-only.)...
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-2520)
The remote host is missing an update for Huawei EulerOS. (Advisory text: 2024 Greenbone AG; some text descriptions may be excerpted from referenced sources and are copyright of the respective right holders. SPDX-License-Identifier: GPL-2.0-only.)...
CVE-2024-9620
A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerability by sniffing the plaintext data transmitted between the EDA and AAP. An attacker with system access...
CVE-2024-9620
CVE-2024-9620 affects Red Hat Ansible Automation Platform’s Event-Driven Automation (EDA) component, where sensitive information is not encrypted. The issue allows an attacker with network access to sniff plaintext data transmitted between EDA and AAP, or with system access to read plaintext data...
Not Black Mirror: Meta’s smart glasses used to reveal someone’s identity just by looking at them
Like something out of Black Mirror, two students have demonstrated a way to use smart glasses and facial recognition technology to immediately reveal people’s names, phone numbers, and addresses. The Harvard students have dubbed the system I-XRAY and it works like this: When you look at someone’s...
License Plate Readers Are Creating a US-Wide Database of More Than Just Cars
From Trump campaign signs to Planned Parenthood bumper stickers, license plate readers around the US are creating searchable databases that reveal Americans’ political leanings and more...
CLSA-2024-1726683307 bind: Fix of CVE-2024-1737
CVE-2024-1737: fix resolver caches and authoritative zone databases to prevent degraded performance when handling client queries for the same hostname...
MAL-2024-12255 Malicious code in discord-api (PyPI)
Source: kam193 (3b55230c05e2303e965a53322d83ead8df66e188c696755b26efefd96192a144). The package presents itself as an API for Discord. On importing the module, it attempts to find and exfiltrate LevelDB databases from Discord apps and Chrome...
PT-2024-6370 · Microsoft · Sharepoint Server
Name of the Vulnerable Software and Affected Versions: MindsDB versions 23.10.5.0 through 24.7.4.1. Description: An arbitrary code execution issue exists when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, a specially crafted...
CVE-2024-8374 Arbitrary Code Injection in Cura
UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader /plugins/ThreeMFReader.py. The vulnerability arises from improper handling of the droptobuildplate property within 3MF files, which are ZIP archives containing the model data. When...
Evolution of Attack Surface Management
The Early Days: Basic Asset Management. While it was not yet called ASM, attack surface management began with basic asset management practices in the late 1990s and early 2000s. Organizations focused on keeping an inventory of their digital assets, such as servers, desktops, an...
PT-2024-28557 · Unknown · Listingpro
Name of the Vulnerable Software and Affected Versions: ListingPro versions through 2.9.4. Description: The issue is related to an SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows attackers to exploit the system, potentially leading...
bind: bind9: BIND's database will be slow if a very large number of RRs exist at the same nam
A flaw was found in the bind9 package, where a hostname with significant resource records may slow down bind's resolver cache and authoritative zone databases while these records are being added or updated. In addition, client queries for the related hostname may cause the same issue. This...