Lucene search

14 matches found

Patchstack
added 2024/07/11 12:0 a.m., 12 views

WordPress MBE eShip Plugin <= 2.1.2 is vulnerable to Sensitive Data Exposure

Software: MBE eShip; Type: Plugin; Vulnerable versions: <= 2.1.2; Fixed in: 2.2.1; OWASP Top 10: A9: Security Logging and Monitoring Failures; Classification: Sensitive Data Exposure; CVE: CVE-2024-38742; Patch priority: Low; CVSS severity: Low (5.3); PSID: df94a639a0f7; Credits: Joshua Chan...

CVSS: 5.3, AI score: 6.6, EPSS: 0.00364
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/06/20 12:0 a.m., 15 views

WordPress affiliate-toolkit Plugin <= 3.4.4 is vulnerable to Sensitive Data Exposure

Software: affiliate-toolkit; Type: Plugin; Vulnerable versions: <= 3.4.4; Fixed in: 3.4.5; OWASP Top 10: A9: Security Logging and Monitoring Failures; Classification: Sensitive Data Exposure; CVE: CVE-2024-37205; Patch priority: Low; CVSS severity: Low (5.3); PSID: 304bb1692328; Credits: Joshua...

CVSS: 5.3, AI score: 6.6, EPSS: 0.00443
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/05/07 12:0 a.m., 8 views

WordPress Dynamics 365 Integration Plugin <= 1.3.17 is vulnerable to Sensitive Data Exposure

Software: Dynamics 365 Integration; Type: Plugin; Vulnerable versions: <= 1.3.17; Fixed in: 1.3.18; OWASP Top 10: A9: Security Logging and Monitoring Failures; Classification: Sensitive Data Exposure; CVE: CVE-2024-34550; Patch priority: Low; CVSS severity: Low (5.3); PSID: 2397ac5f5483; Credi...

CVSS: 5.3, AI score: 6.5, EPSS: 0.0058
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2024/04/01 10:15 p.m., 19 views

CVE-2024-3165

System-Maintenance- Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment. OWASP Top 10 - A05 Insecure Design OWASP Top...

CVSS: 4.5, AI score: 4.7, EPSS: 0.00495
Exploits: 0, References: 3

Patchstack
added 2023/11/28 12:0 a.m., 9 views

WordPress Media File Renamer Plugin <= 5.6.9 is vulnerable to Sensitive Data Exposure

Software: Media File Renamer; Type: Plugin; Vulnerable versions: <= 5.6.9; Fixed in: 5.7.0; OWASP Top 10: A9: Security Logging and Monitoring Failures; Classification: Sensitive Data Exposure; CVE: CVE-2023-44991; Patch priority: Low; CVSS severity: Low (6.5); PSID: c8e129aba6bd; Credits: Joshu...

CVSS: 7.5, AI score: 6.5, EPSS: 0.00648
Exploits: 0, References: 2, Affected Software: 1

The Hacker News
added 2023/06/19 11:51 a.m., 51 views

Introducing AI-guided Remediation for IaC Security / KICS

While the use of Infrastructure as Code (IaC) has gained significant popularity as organizations embrace cloud computing and DevOps practices, the speed and flexibility that IaC provides can also introduce the potential for misconfigurations and security vulnerabilities. IaC allows organizations to...

AI score: 7
Exploits: 0

Rapid7 Blog
added 2023/03/23 5:5 p.m., 20 views

Center for Internet Security (CIS) unveils Azure Foundations Benchmark v2.0.0

The Center for Internet Security (CIS) recently unveiled the latest version of their Azure Foundations Benchmark—Version 2.0.0. This is the first major release since the benchmark was originally released more than 4 years ago, which could lead you to believe that this update would come with a bunch...

AI score: 7.1
Exploits: 0

OSV
added 2022/09/28 8:15 p.m., 2 views

CVE-2022-23716

A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00518
Exploits: 0, References: 2

NVD
added 2022/09/28 8:15 p.m., 20 views

CVE-2022-23716

A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster...

CVSS: 5.3, EPSS: 0.00518
Exploits: 0, References: 2

Prion
added 2022/09/28 8:15 p.m., 17 views

Design/Logic Flaw

A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster...

CVSS: 5, AI score: 5.2, EPSS: 0.00518
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2022/08/25 6:15 p.m., 18 views

Design/Logic Flaw

A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user a...

CVSS: 4, AI score: 6.2, EPSS: 0.0065
Exploits: 0, References: 2, Affected Software: 1

Kitploit
added 2021/07/18 9:30 p.m., 175 views

ARTIF - An Advanced Real Time Threat Intelligence Framework To Identify Threats And Malicious Web Traffic On The Basis Of IP Reputation And Historical Data.

ARTIF is a new advanced real time threat intelligence framework built that adds another abstraction layer on the top of MISP to identify threats and malicious web traffic on the basis of IP reputation and historical data. It also performs automatic enrichment and threat scoring by collecting,...

AI score: 7
Exploits: 0, References: 5

Microsoft Secure
added 2018/02/26 5:0 p.m., 54 views

Best practices for securely moving workloads to Microsoft Azure

Azure is Microsoft's cloud computing environment. It offers customers three primary service delivery models including infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). Adopting cloud technologies requires a shared responsibility model for security, with...

AI score: 7.3
Exploits: 0

Imperva Blog
added 2018/02/01 5:0 p.m., 75 views

2017 OWASP Top 10: The Good, the Bad and the Ugly

Since its founding in 2001, the Open Web Application Security Project (OWASP) has become a leading resource for online security best practices. In particular, its list of the top 10 “Most Critical Web Application Security Risks” is a de facto application security standard. The recently released 201...

AI score: 8.1
Exploits: 0