41 matches found
Malware in @opensearch-project/opensearch
Overview The OpenSearch Project has sustained a security incident involving an external actor gaining force-push permissions within the project's CI infrastructure to embed malicious packages into four release versions of @opensearch-project/opensearch. Users are instructed to immediately take...
WizExtend is Here: AI and Cloud Security Insights in Your Daily Workflow
Get risk insights and take remediation actions right from your in-browser CSP portal, VCS console, or as you’re reading up on the latest threat research...
Malicious Package
Overview axis-tools is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
EUVD-2024-45958
Malicious code in bioql PyPI...
Security Bulletin: IBM Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.10
Summary Apache Portable Runtime, Dojo, CKEditor, DOORS and DOORS Web Access Libraries are identified as vulnerable components with multiple reported vulnerabilities. The IBM Engineering Requirements Management DOORS/DWA product version 9.7.2.9 is vulnerable to the below mentioned CVEs. Remediatio...
Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Race Condition Format Flaw (CVE-2024-41779) and Race Condition Servlet (CVE-2024-41787)
Summary IBM Engineering Requirements Management DOORS Next is vulnerable to CVE-2024-41779 Race Condition Format Flaw and CVE-2024-41787 Race Condition Servlet. Vulnerability Details CVEID:CVE-2024-41787 DESCRIPTION: IBM Engineering Requirements Management DOORS Next could allow a remote attacker...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons Fileupload and Apache Tomcat
Summary Vulnerabilities have been identified in Apache Commons Fileupload and Apache Tomcat which are used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2016-3092 DESCRIPTIO...
Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Information Exposure Through Error Message (CVE-2024-39725)
Summary IBM Engineering Requirements Management DOORS Next is vulnerable to Information Exposure Through Error Message CVE-2024-39725. Vulnerability Details CVEID:CVE-2024-39725 DESCRIPTION: IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacke...
Security Bulletin: IBM MQ Appliance is affected by multiple Java vulnerabilities (CVE-2024-10197, CVE-2024-21208 and CVE-2024-21217)
Summary IBM MQ Appliance has addressed multiple Java vulnerabilities. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...
GHSA-5P35-VXC4-5XRJ vulnerabilities
Vulnerabilities for packages: mysql...
GHSA-7H2X-HWCF-F9Q6 vulnerabilities
Vulnerabilities for packages: mysql...
GHSA-GJ89-QMXJ-Q494 vulnerabilities
Vulnerabilities for packages: mysql...
GHSA-H84V-W3GP-M42F vulnerabilities
Vulnerabilities for packages: mysql...
GLSA-202501-10 : Mozilla Firefox: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202501-10 Mozilla Firefox: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description...
Security Bulletin: IBM Engineering Lifecycle Management is impacted by vulnerabilities in Apache Jena
Summary A vulnerability has been identified in Apache Jena - jena-core-2.7.1.jar, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2021-39239 DESCRIPTION: Apache...
CISA Adds One Vulnerability to the KEV Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-0282link is external Ivanti Connect Secure Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significa...
GHSA-7Q7G-4XM8-89CQ vulnerabilities
Vulnerabilities for packages: eslint...
Hitachi Energy FOX61x, FOXCST, and FOXMAN-UN Products
SUMMARY Hitachi Energy is aware of a vulnerability that affects the FOXMAN-UN/FOXCST versions listed below. If exploited an attacker could potentially intercept or falsify data exchanges between the client and the server. Please refer to the “Recommended Immediate Actions” for information about...
Detecting and Visualizing Lateral Movement Attacks with Trellix XDR
Detecting and Visualizing Lateral Movement Attacks with Trellix XDR By Chintan Shah, Maulik Maheta, Ajeeth S · December 13, 2023 Executive summary With Organizations deploying multiple security controls and solutions on their network and endpoints, there is a significant gap in the way threat...
U.S. Dept Of Defense: Improper Access Control on Media Wiki allows an attackers to restart installation on DoD asset
An improper access control vulnerability was found on a MediaWiki website, allowing attackers to restart the installation process without authentication. The vulnerability was fixed by blocking all access to the mw-config folder...