
25 matches found

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2025-0141

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.8 | EPSS 0.00282
Exploits: 0 | References: 5
OSV
added 2025/01/30 5:52 p.m. | 9 views

GHSA-756X-M4MJ-Q96C Kubewarden-Controller information leak via AdmissionPolicyGroup Resource

Impact The policy group feature, added to by the 1.17.0 release, introduced two new types of CRD: ClusterAdmissionPolicyGroup and AdmissionPolicyGroup. The former is cluster wide, while the latter is namespaced. By being namespaced, the AdmissionPolicyGroup has a well constrained impact on cluste...

CVSS 4.3 | AI score 4.7 | EPSS 0.00282
Exploits: 0 | References: 5
Cvelist
added 2025/01/30 3:39 p.m. | 25 views

CVE-2025-24784 kubewarden-controller has an Information leak via AdmissionPolicyGroup Resource

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. The policy group feature, added to by the 1.17.0 release. By being namespaced, the AdmissionPolicyGroup has a well constrained impact on cluster resources. Hence, it’s considere...

CVSS 4.3 | EPSS 0.00282
Exploits: 0 | References: 2
CVE
added 2025/01/30 3:39 p.m. | 97 views

CVE-2025-24784

CVE-2025-24784 affects kubewarden-controller (AdmissionPolicyGroup CRD) in Kubewarden. The issue enables an information leak where context aware policies can—via the ServiceAccount used to run the Policy Server—list/get resources in the cluster beyond the policy’s own scope, depending on the RBAC...

CVSS 4.3 | AI score 4.4 | EPSS 0.00282
Exploits: 0 | References: 2
CVE
added 2024/05/16 6:4 a.m. | 46 views

CVE-2024-4843

CVE-2024-4843 affects Trellix ePolicy Orchestrator (ePO). Publicly cited documents describe insecure direct object references that let a least-privileged user manipulate client tasks and client task assignments, enabling privilege escalation. The NVD/NVD-derived entries describe impact as insuffi...

CVSS 4.3 | AI score 6.7 | EPSS 0.00265
Exploits: 0 | References: 1
Rapid7 Blog
added 2023/02/15 9:24 p.m. | 18 views

CIEM is Required for Cloud Security and IAM Providers to Compete: Gartner® Report

In an ongoing effort to help security organizations stay competitive, we’re pleased to offer this complimentary Gartner® report, Emerging Tech: CIEM Is Required for Cloud Security and IAM Providers to Compete. The research in the report demonstrates the need for Cloud Infrastructure Entitlement...

AI score 0.6
Exploits: 0
Microsoft KB
added 2022/10/11 7:0 a.m. | 51 views

Description of the security update for SharePoint Foundation 2013: October 11, 2022 (KB5002284)

Description of the security update for SharePoint Foundation 2013: October 11, 2022 KB5002284 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common...

CVSS 8.8 | AI score 9.2 | EPSS 0.76397
Exploits: 1
Microsoft KB
added 2022/10/11 7:0 a.m. | 50 views

Description of the security update for SharePoint Server Subscription Edition: October 11, 2022 (KB5002290)

Description of the security update for SharePoint Server Subscription Edition: October 11, 2022 KB5002290 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsof...

CVSS 8.8 | AI score 9.3 | EPSS 0.76397
Exploits: 1
IBM Security Bulletins
added 2022/09/26 4:23 a.m. | 16 views

Security Bulletin: Storwize V7000 Unified documentation update available for configuration of Storwize V7000 Unified with LDAP authentication (CVE-2012-0706)

Abstract Storwize V7000 Unified includes a version of the LDAP client which stores the username and the password of the LDAP user in clear text in the local file system. Content VULNERABILITY DETAILS: CVE ID: CVE-2012-0706 DESCRIPTION: Storwize V7000 Unified requires LDAP username called binddn a...

CVSS 3.5 | AI score 6.4 | EPSS 0.00713
Exploits: 0 | Affected Software: 1
Rapid7 Blog
added 2022/07/12 1:45 p.m. | 13 views

3 Key Challenges for Cloud Identity and Access Management

Identity and access management (IAM) is one of the most critical tools for today's cloud-centric environment. Businesses' IT architectures have become more highly distributed than ever, and users need to access a growing suite of cloud services on demand. Determining the identities of users and...

AI score 0.5
Exploits: 0
Microsoft Malware Protection
added 2022/06/23 4:0 p.m. | 25 views

Detecting malicious key extractions by compromised identities for Azure Cosmos DB

Azure Cosmos DB is a fully managed NoSQL cloud database service for modern app development. It offers a variety of advanced built-in features, such as automatic worldwide data replication, lightning-fast response types, and a variety of APIs. In this blog post, we describe security practices for...

AI score 0.1
Exploits: 0
Microsoft Secure
added 2022/06/23 4:0 p.m. | 27 views

Detecting malicious key extractions by compromised identities for Azure Cosmos DB

Azure Cosmos DB is a fully managed NoSQL cloud database service for modern app development. It offers a variety of advanced built-in features, such as automatic worldwide data replication, lightning-fast response types, and a variety of APIs. In this blog post, we describe security practices for...

AI score 0.1
Exploits: 0
Microsoft Malware Protection
added 2021/11/17 5:0 p.m. | 26 views

Adopting a Zero Trust approach throughout the lifecycle of data

Instead of believing everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an uncontrolled network. Regardless of where the request originates or what resource it accesses, Zero Trust teaches us to “never trust...

AI score 7.2
Exploits: 0
The Hacker News
added 2021/09/22 4:18 a.m. | 42 views

The Gap in Your Zero Trust Implementation

Over the last several years, there have been numerous high-profile security breaches. These breaches have underscored the fact that traditional cyber defenses have become woefully inadequate and that stronger defenses are needed. As such, many organizations have transitioned toward a zero trust...

AI score 7.5
Exploits: 0
Microsoft Secure
added 2021/07/28 4:0 p.m. | 45 views

Zero Trust Adoption Report: How does your organization compare?

From the wide adoption of cloud-based services to the proliferation of mobile devices. From the emergence of advanced new cyberthreats to the recent sudden shift to remote work. The last decade has been full of disruptions that have required organizations to adapt and accelerate their security...

AI score 7.3
Exploits: 0
Microsoft Malware Protection
added 2021/05/12 1:0 p.m. | 43 views

How to secure your hybrid work world with a Zero Trust approach

We are operating in the most complex cybersecurity landscape we’ve ever seen. Sophisticated and determined attackers are the norm. And we all are preparing for the next great disruption—hybrid work. Security has never been more important, and as I shared in another Security blog today, it’s clear...

Exploits: 0
CNVD
added 2021/05/10 12:0 a.m. | 7 views

Artica Pandora FMS File Containment Vulnerability

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A remote file inclusion vulnerability exists in Artica Pandora FMS version 742, which can be exploited by a least privileg...

CVSS 6.5 | AI score 6.8 | EPSS 0.02589
Exploits: 1 | References: 1
CNNVD
added 2021/05/07 12:0 a.m. | 4 views

Artica Pandora FMS Security Vulnerability

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A remote file inclusion vulnerability exists in Artica Pandora FMS version 742, which can be exploited by a least privileg...

CVSS 6.5 | AI score 5.6 | EPSS 0.02589
Exploits: 1 | References: 4
The Hacker News
added 2021/02/16 1:30 p.m. | 172 views

Learn How to Manage and Secure Active Directory Service Accounts

There are many different types of accounts in a typical Active Directory environment. These include user accounts, computer accounts, and a particular type of account called a service account. A service account is a special type of account that serves a specific purpose for services, and...

AI score 0.8
Exploits: 0
Microsoft Malware Protection
added 2021/01/28 7:0 p.m. | 46 views

Why operational resilience will be key in 2021, and how this impacts cybersecurity

The lessons we have learned during the past 12 months have demonstrated that the ability to respond to and bounce back from adversity in general, can impact the short-and long-term success of any organization. It can even dictate the leaders and laggards in any industry. When we take into...

AI score 7.9
Exploits: 0