
458 matches found

NVD
added 2024/11/18 4:15 p.m. · 45 views

CVE-2024-0012

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege...

CVSS 9.8 · EPSS 0.99698
Exploits: 15 · References: 4
Cvelist
added 2024/11/18 3:47 p.m. · 36 views

CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege...

CVSS 9.3 · EPSS 0.99698
Exploits: 15 · References: 1
CVE
added 2024/11/18 3:47 p.m. · 466 views

CVE-2024-0012

CVE-2024-0012 is an authentication bypass in Palo Alto Networks PAN-OS management web interface that lets an unauthenticated, network-reachable attacker gain PAN-OS administrator privileges. Affected products/versions: PAN-OS 10.2, 11.0, 11.1, and 11.2; Cloud NGFW and Prisma Access are not impact...

CVSS 9.8 · AI score 7.5 · EPSS 0.99698
In wild · Exploits: 15 · References: 4 · Affected Software: 1
Vulnrichment
added 2024/10/22 8:58 p.m. · 11 views

CVE-2024-48919 RCE via Prompt Injection Into Cursor's Terminal Cmd-K

Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated a terminal command via Cursor's Terminal Cmd-K/Ctrl-K feature and if the user explicitly imported a malicious web page into the Terminal Cmd-K prompt, an attacker with control over the referenced web...

CVSS 9.2 · AI score 7.8 · EPSS 0.00491
Exploits: 0 · References: 1
Cvelist
added 2024/10/02 4:55 p.m. · 33 views

CVE-2024-20490 Cisco Nexus Dashboard Fabric Controller and Nexus Dashboard Orchestrator Information Disclosure Vulnerability

A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller NDFC and Cisco Nexus Dashboard Orchestrator NDO could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in ...

CVSS 6.3 · EPSS 0.00277
Exploits: 0 · References: 1
ICS
added 2024/09/19 12:00 p.m. · 22 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-8963 Ivanti Cloud Services Appliance CSA Path Traversal Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and...

CVSS 9.4 · AI score 9.6 · EPSS 0.98411
Exploits: 2 · References: 23
OpenVAS
added 2024/08/06 12:00 a.m. · 21 views

Fedora: Security Advisory (FEDORA-2024-1f68985052)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.1 · AI score 8.9 · EPSS 0.01863
Exploits: 3 · References: 9
Openbugbounty
added 2024/07/25 8:40 a.m. · 4 views

nursingpracticejournal.com Cross Site Scripting vulnerability OBB-3950622

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
Citrix
added 2024/07/14 12:00 a.m. · 9 views

Netscaler Upgrades and General Configuration

Introduction This document provides useful resources and links to help with upgrading NetScaler and for performing general configuration. See the best practice guides provided below to help with validating your deployment. The tools and resources section includes the Precheck Tool, which can be...

AI score 7.3
Exploits: 0
OSSF Malicious Packages
added 2024/06/25 1:45 p.m. · 3 views

Malicious code in a1521hk-minitest-practice (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0 · References: 1
OSV
added 2024/05/27 11:21 p.m. · 7 views

GHSA-VH7Q-J8P5-2H4H silverstripe/framework sends passwords back to browsers under some circumstances

Under some circumstances a form may populate a PasswordField with submitted data, reflecting submitted data back to a user. The user will only see their own submissions for password data, which is not considered best practice. We are not aware of data leaks to other users, devices or sessions...

CVSS 3.5 · AI score 7.3
Exploits: 0 · References: 5
The Hacker News
added 2024/05/09 11:05 a.m. · 12 views

New Guide: How to Scale Your vCISO Services Profitably

Cybersecurity and compliance guidance are in high demand among SMEs. However, many of them cannot afford to hire a full-time CISO. A vCISO can answer this need by offering on-demand access to top-tier cybersecurity expertise. This is also an opportunity for MSPs and MSSPs to grow their business a...

AI score 7.1
Exploits: 0
OSV
added 2024/03/06 10:51 a.m. · 24 views

BIT-COMPOSER-2023-43655 Remote Code Execution via web-accessible composer.phar

Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has register_argc_argv enabled in php.ini. Versions 2.6.4, 2.2.22 an...

CVSS 8.8 · AI score 7.7 · EPSS 0.01378
Exploits: 0 · References: 9
Prion
added 2024/03/06 7:15 a.m. · 21 views

Spoofing

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix lock dependency warning ====================================================== WARNING: possible circular locking dependency detected 6.5.0-kfd-fkuehlin 276 Not tainted...

AI score 6.7
Exploits: 0 · References: 5
Openbugbounty
added 2023/12/22 5:52 p.m. · 10 views

nature-practice.de Improper Access Control vulnerability OBB-3820069

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 7
Exploits: 0
Positive Technologies
added 2023/12/04 12:00 a.m. · 7 views

PT-2023-32457 · WordPress · Ecommerce Product Catalog Plugin

Name of the Vulnerable Software and Affected Versions: eCommerce Product Catalog Plugin for WordPress versions prior to 3.3.26 Description: The issue is related to the lack of CSRF checks in some admin pages of the plugin, which could allow attackers to make logged-in users perform unwanted actio...

CVSS 6.5 · AI score 6.3 · EPSS 0.00283
Exploits: 1 · References: 6
CNNVD
added 2023/12/02 12:00 a.m. · 3 views

PHPEMS Cross-Site Scripting Vulnerability

PHPEMS is a PHP online practice exam system. A cross-site scripting vulnerability exists in PHPEMS version 7.0, which stems from a cross-site scripting XSS vulnerability in the component Content Section Handler...

CVSS 4.8 · AI score 5.9 · EPSS 0.00605
Exploits: 1 · References: 3
Positive Technologies
added 2023/11/22 12:00 a.m. · 5 views

PT-2023-8865 · Unknown +1 · Minizip-Ng +1

Name of the Vulnerable Software and Affected Versions: minizip-ng version 4.0.2 Description: The issue is related to a Buffer Overflow in the mz_path_resolve function, located in the mz_os.c file, which can be exploited by an attacker using a crafted file. This could allow a remote attacker to...

CVSS 10 · AI score 8.8 · EPSS 0.0126
Exploits: 2 · References: 6
Tenable Product Security Advisories
added 2023/11/20 3:08 p.m. · 27 views

[R2] Security Center Version 6.2.1 Fixes Multiple Vulnerabilities

R2 Security Center Version 6.2.1 Fixes Multiple Vulnerabilities Arnie Cabral Mon, 11/20/2023 - 10:08 Security Center leverages third-party software to help provide underlying functionality. One of the third-party components Apache was found to contain vulnerabilities, and updated versions have be...

AI score 7.5
Exploits: 0
Positive Technologies
added 2023/11/17 12:00 a.m. · 5 views

PT-2023-30748

Name of the Vulnerable Software and Affected Versions joaquimserafim/json-web-token affected versions not specified Description The json-web-token library is vulnerable to a JWT algorithm confusion attack. This issue arises because the algorithm to use for verifying the signature of the JWT token...

CVSS 7.5 · AI score 7 · EPSS 0.00307
Exploits: 1 · References: 14