50 matches found
Evaluating Explanation Quality in X-IDS Using Feature Alignment Metrics
Explainable artificial intelligence XAI methods have become increasingly important in the context of explainable intrusion detection systems X-IDSs for improving the interpretability and trustworthiness of X-IDSs. However, existing evaluation approaches for XAI focus on model-specific properties...
CVE-2024-8026
A Cross-Site Request Forgery CSRF vulnerability exists in the backend API of netease-youdao/qanything, as of commit d9ab8bc. The backend server has overly permissive CORS headers, allowing all cross-origin calls. This vulnerability affects all backend endpoints, enabling actions such as creating,...
CVE-2024-8026
A Cross-Site Request Forgery CSRF vulnerability exists in the backend API of netease-youdao/qanything, as of commit d9ab8bc. The backend server has overly permissive CORS headers, allowing all cross-origin calls. This vulnerability affects all backend endpoints, enabling actions such as creating,...
The vulnerability of server-based corporate software for monitoring and managing project knowledge bases in Adobe RoboHelp Server arises from insufficient measures taken to protect the SQL query structure. This allows attackers to gain unauthorized access to protected information.
The vulnerability of server-based corporate software for monitoring and managing project knowledge bases in Adobe RoboHelp Server relates to the lack of protective measures for SQL query structures. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorize...
CVE-2022-4937
The WCFM Frontend Manager plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 6.6.0 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as...
WCFM Frontend Manager < 6.6.1 - Subscriber+ Unauthorised AJAX Calls
The plugin does not have authorisation in various AJAX actions, allowing any authenticated users, such as subscriber to call them and modify knowledge bases/notices/payments, manage vendors etc...
Trilium Notes 跨站脚本漏洞
Trilium Notes is a layered notes application for Zadam Personal Developers. It specializes in building large personal knowledge bases. A security vulnerability exists in Trilium Notes that stems from the presence of a cross-site scripting issue...
VMconf 22: Blindspots in the Knowledge Bases of Vulnerability Scanners
Hello everyone! This video was recorded for the VMconf22 Vulnerability Management conference. I want to talk about the blind spots in the knowledge bases of Vulnerability Scanners and Vulnerability Management products. This report was presented in Russian at Tenable Security Day 2022. The video i...
The vulnerability of the RoboHelp software in publishing content related to manuals, policies, and knowledge bases, due to the uncontrolled element of the search path. This vulnerability allows attackers to exploit their privileges.
The vulnerability of the RoboHelp software for publishing content such as help documents, policies, and knowledge bases is related to an uncontrollable element of the search process. Exploiting this vulnerability could allow a malicious actor to enhance their privileges remotely...
Guinea Pig and Vulnerability Management products
IMHO, security vendors use the term "Vulnerability Management" extremely inaccurate. Like a guinea pig, which is not a pig and is not related to Guinea, the current Vulnerability Management products are not about the actual practically exploitable vulnerabilities and not really about the...