Lucene search
K

50 matches found

Packet Storm News
Packet Storm News
added 2025/05/12 12:0 a.m.6 views

Evaluating Explanation Quality in X-IDS Using Feature Alignment Metrics

Explainable artificial intelligence XAI methods have become increasingly important in the context of explainable intrusion detection systems X-IDSs for improving the interpretability and trustworthiness of X-IDSs. However, existing evaluation approaches for XAI focus on model-specific properties...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/03/22 11:13 a.m.18 views

CVE-2024-8026

A Cross-Site Request Forgery CSRF vulnerability exists in the backend API of netease-youdao/qanything, as of commit d9ab8bc. The backend server has overly permissive CORS headers, allowing all cross-origin calls. This vulnerability affects all backend endpoints, enabling actions such as creating,...

8.1CVSS7.1AI score0.00228EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:15 a.m.5 views

CVE-2024-8026

A Cross-Site Request Forgery CSRF vulnerability exists in the backend API of netease-youdao/qanything, as of commit d9ab8bc. The backend server has overly permissive CORS headers, allowing all cross-origin calls. This vulnerability affects all backend endpoints, enabling actions such as creating,...

8.1CVSS7.3AI score0.00228EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2023/11/23 12:0 a.m.7 views

The vulnerability of server-based corporate software for monitoring and managing project knowledge bases in Adobe RoboHelp Server arises from insufficient measures taken to protect the SQL query structure. This allows attackers to gain unauthorized access to protected information.

The vulnerability of server-based corporate software for monitoring and managing project knowledge bases in Adobe RoboHelp Server relates to the lack of protective measures for SQL query structures. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorize...

6.8CVSS6.7AI score0.01206EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/04/05 6:15 p.m.4 views

CVE-2022-4937

The WCFM Frontend Manager plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 6.6.0 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as...

8.8CVSS7.3AI score0.00643EPSS
Exploits0References6
WPVulnDB
WPVulnDB
added 2023/04/05 12:0 a.m.15 views

WCFM Frontend Manager < 6.6.1 - Subscriber+ Unauthorised AJAX Calls

The plugin does not have authorisation in various AJAX actions, allowing any authenticated users, such as subscriber to call them and modify knowledge bases/notices/payments, manage vendors etc...

8.8CVSS8.6AI score0.00643EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2022/07/03 12:0 a.m.13 views

Trilium Notes 跨站脚本漏洞

Trilium Notes is a layered notes application for Zadam Personal Developers. It specializes in building large personal knowledge bases. A security vulnerability exists in Trilium Notes that stems from the presence of a cross-site scripting issue...

6.4CVSS6.1AI score0.03096EPSS
Exploits1References3
Information Security Automation
Information Security Automation
added 2022/02/18 5:0 p.m.69 views

VMconf 22: Blindspots in the Knowledge Bases of Vulnerability Scanners

Hello everyone! This video was recorded for the VMconf22 Vulnerability Management conference. I want to talk about the blind spots in the knowledge bases of Vulnerability Scanners and Vulnerability Management products. This report was presented in Russian at Tenable Security Day 2022. The video i...

5CVSS7.6AI score0.23061EPSS
Exploits4
BDU FSTEC
BDU FSTEC
added 2021/12/07 12:0 a.m.8 views

The vulnerability of the RoboHelp software in publishing content related to manuals, policies, and knowledge bases, due to the uncontrolled element of the search path. This vulnerability allows attackers to exploit their privileges.

The vulnerability of the RoboHelp software for publishing content such as help documents, policies, and knowledge bases is related to an uncontrollable element of the search process. Exploiting this vulnerability could allow a malicious actor to enhance their privileges remotely...

8.5CVSS6.5AI score0.01598EPSS
Exploits0References3Affected Software1
Information Security Automation
Information Security Automation
added 2018/12/21 6:21 p.m.197 views

Guinea Pig and Vulnerability Management products

IMHO, security vendors use the term "Vulnerability Management" extremely inaccurate. Like a guinea pig, which is not a pig and is not related to Guinea, the current Vulnerability Management products are not about the actual practically exploitable vulnerabilities and not really about the...

Exploits0
Rows per page
Query Builder