18 matches found

Github Security Blog
added 2026/03/11 3:33 p.m. · 6 views

Anytype Heart's gRPC API client challenge verification can be bypassed on localhost

Impact: The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. Affected components: Anytype Desktop all platforms ≤ v0.48.2; Anytype-CLI headless deployments ≤ v0.1.9. Not affected: Anytype mobile apps iOS...

CVSS 4.4 · AI score 5.8 · EPSS 0.00107
Exploits: 0 · References: 6 · Affected Software: 2
Vulnrichment
added 2026/02/21 7:14 a.m. · 3 views

CVE-2026-27466 BigBlueButton: Exposed ClamAV port enables Denial of Service

BigBlueButton is an open-source virtual classroom. In versions 3.0.21 and below, the official documentation for "Server Customization" on Support for ClamAV as presentation file scanner contains instructions that leave a BBB server vulnerable for Denial of Service. The flawed command exposes both...

CVSS 7.2 · AI score 5.6 · EPSS 0.00397
Exploits: 1 · References: 2
Cvelist
added 2026/02/21 7:14 a.m. · 23 views

CVE-2026-27466 BigBlueButton: Exposed ClamAV port enables Denial of Service

BigBlueButton is an open-source virtual classroom. In versions 3.0.21 and below, the official documentation for "Server Customization" on Support for ClamAV as presentation file scanner contains instructions that leave a BBB server vulnerable for Denial of Service. The flawed command exposes both...

CVSS 7.2 · EPSS 0.00397
Exploits: 1 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-30276

Malicious code in bioql PyPI...

CVSS 9.3 · AI score 6.6 · EPSS 0.00806
Exploits: 0 · References: 8
OpenVAS
added 2025/05/07 12:0 a.m. · 2 views

Avoid Enabling Unnecessary Services and Ports

In the zones, you need to specify the interfaces, ports, and services that need to be enabled or disabled. Correct configuration prevents illegitimate packets from being received and processed, reduces the number of exposed ports on the server, and reduces the attack surface. If the configuration...

AI score 6.9
Exploits: 0 · References: 2
The Hacker News
added 2024/06/18 9:41 a.m. · 33 views

New Malware Targets Exposed Docker APIs for Cryptocurrency Mining

Cybersecurity researchers have uncovered a new malware campaign that targets publicly exposed Docker API endpoints with the aim of delivering cryptocurrency miners and other payloads. Included among the tools deployed is a remote access tool that's capable of downloading and executing more...

AI score 7.8
Exploits: 0
NVD
added 2024/02/02 4:15 p.m. · 30 views

CVE-2024-24760

mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container,...

CVSS 8.8 · AI score 8.6 · EPSS 0.00868
Exploits: 0 · References: 2
Positive Technologies
added 2024/02/02 12:0 a.m. · 5 views

PT-2024-20538 · Mailcow · Mailcow

Name of the Vulnerable Software and Affected Versions: mailcow versions prior to 2024-01c Description: A security issue has been identified in mailcow, a dockerized email package. This issue potentially allows attackers on the same subnet to connect to exposed ports of a Docker container, even wh...

CVSS 8.8 · AI score 7.1 · EPSS 0.00868
Exploits: 0 · References: 6
The Hacker News
added 2023/06/19 11:51 a.m. · 5 views

Introducing AI-guided Remediation for IaC Security / KICS

While the use of Infrastructure as Code (IaC) has gained significant popularity as organizations embrace cloud computing and DevOps practices, the speed and flexibility that IaC provides can also introduce the potential for misconfigurations and security vulnerabilities. IaC allows organizations to...

AI score 6.9
Exploits: 0
OSV
added 2021/09/29 8:15 p.m. · 5 views

CVE-2020-12030

There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway...

CVSS 10 · AI score 7.4 · EPSS 0.01054
Exploits: 0 · References: 1
Rapid7 Blog
added 2021/06/28 1:0 p.m. · 107 views

Automated remediation level 3: Governance and hygiene

Mold it, make it, just don’t fake it At a quick glance, it seems like the title of this blog is “government hygiene.” Most likely, that wouldn’t be a particularly exciting read, but we’re hoping you might be engaged enough to gain a few takeaways from this fourth piece in our series on automating...

AI score 0.1
Exploits: 0
The Hacker News
added 2021/02/04 10:48 a.m. · 5 views

Beware: New Matryosh DDoS Botnet Targeting Android-Based Devices

A nascent malware campaign has been spotted co-opting Android devices into a botnet with the primary purpose of carrying out distributed denial-of-service (DDoS) attacks. Called "Matryosh" by Qihoo 360's Netlab researchers, the latest threat has been found reusing the Mirai botnet framework and...

AI score 5.9
Exploits: 0
Cvelist
added 2020/06/24 4:40 a.m. · 45 views

CVE-2020-10271 RVD#2555: MiR ROS computational graph is exposed to all network interfaces, including poorly secured wireless networks and open wired ones

MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as...

CVSS 10 · AI score 9.6 · EPSS 0.01768
Exploits: 1 · References: 1
NVD
added 2020/01/30 6:15 p.m. · 29 views

CVE-2020-7905

Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network...

CVSS 7.5 · AI score 7.5 · EPSS 0.01155
Exploits: 0 · References: 2
OSV
added 2019/03/23 4:29 p.m. · 4 views

CVE-2019-9945

SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid...

CVSS 9.8 · AI score 7.5 · EPSS 0.05845
Exploits: 0 · References: 1
ATTACKERKB
added 2018/01/23 1:29 a.m. · 1 views

CVE-2017-17406

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within an exposed RMI registry, which listens on TCP ports 1800 and 1850 by defaul...

CVSS 9.8 · AI score 6.5 · EPSS 0.04491
Exploits: 0 · References: 3
Kitploit
added 2015/03/19 3:30 p.m. · 20 views

Project Artillery - Full Suite for Protection against Attack on Linux and Windows

Project Artillery is an open source project aimed at the detection of early warning indicators and attacks. The concept is that Artillery will spawn multiple ports on a system giving the attacker the idea that multiple ports are exposed. Additionally, Artillery actively monitors the filesystem fo...

AI score 7.2
Exploits: 0 · References: 1
RedHat Linux
added 2014/11/03 7:52 p.m. · 4 views

OpenShift: /proc/net/tcp information disclosure

It was found that OpenShift Enterprise did not restrict access to the /proc/net/tcp file in gears, which allowed local users to view all listening connections and connected sockets. This could result in remote system's IP or port numbers in use to be exposed, which may be useful for further...

CVSS 2.1 · AI score 5.7 · EPSS 0.00378
Exploits: 0 · References: 4