8 matches found
From Threat Intelligence to Firewall Rules: Semantic Relations in Hybrid AI Agent and Expert System Architectures
Web security demands rapid response capabilities to evolving cyber threats. Agentic Artificial Intelligence (AI) promises automation, but the need for trustworthy security responses is of the utmost importance. This work investigates the role of semantic relations in extracting information for...
CVE-2024-27674
Macro Expert through 4.9.4 allows BUILTIN\Users:OICIM access to the "%PROGRAMFILESX86%\GrassSoft\Macro Expert" folder and thus an unprivileged user can escalate to SYSTEM by replacing the MacroService.exe binary...
CVE-2024-27291
Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, it is possible to create a URL that acts as an open redirect. The vulnerability has been patched in version 1.4.97 of the master branch...
CVE-2024-27292 Docassemble unauthorized access through URL manipulation
Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the mast...
CVE-2024-27291
CVE-2024-27291 concerns Docassemble, an expert system for guided interviews and document assembly. The issue is an open redirect vulnerability: before version 1.4.97, a crafted URL can cause a user to be redirected to an arbitrary site due to improper URL handling. The open redirect is mitigated ...
CVE-2024-27290
Docassemble is affected by an HTML/JavaScript injection vulnerability in which an attacker could input HTML in a field (notably the user’s name) and have it rendered as HTML. This stems from improper handling of user-supplied HTML prior to version 1.4.97. The issue has been fixed in the master br...
PT-2022-25504 · Unknown · Mail Sqr Expert System
Name of the Vulnerable Software and Affected Versions: Mail SQR Expert system (affected versions not specified). Description: The issue allows an unauthenticated remote attacker to execute arbitrary PHP files with a .asp file extension under specific system paths. This can lead to accessing and...
SQL Injection Vulnerability in Enterprise Intelligence's Network Office Management Expert System
Network Office Management Expert System is a network office system with a great deal of specialized knowledge. A SQL injection vulnerability exists in the Network Office Management Specialist System, which is owned by Enterprise Intelligence. It allows attackers to exploit the vulnerability to ga...