Lucene search
K

41 matches found

Github Security Blog
Github Security Blog
added 2026/05/19 2:35 p.m.52 views

Malware in @opensearch-project/opensearch

Overview The OpenSearch Project has sustained a security incident involving an external actor gaining force-push permissions within the project's CI infrastructure to embed malicious packages into four release versions of @opensearch-project/opensearch. Users are instructed to immediately take...

5.8AI score
Exploits0References2Affected Software1
Wiz blog
Wiz blog
added 2026/01/21 1:56 p.m.5 views

WizExtend is Here: AI and Cloud Security Insights in Your Daily Workflow

Get risk insights and take remediation actions right from your in-browser CSP portal, VCS console, or as you’re reading up on the latest threat research...

5.4AI score
Exploits0
Snyk
Snyk
added 2025/11/03 12:11 a.m.6 views

Malicious Package

Overview axis-tools is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6.8AI score
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-45958

Malicious code in bioql PyPI...

8.1CVSS6.3AI score0.00228EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 10:30 p.m.23 views

Security Bulletin: IBM Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.10

Summary Apache Portable Runtime, Dojo, CKEditor, DOORS and DOORS Web Access Libraries are identified as vulnerable components with multiple reported vulnerabilities. The IBM Engineering Requirements Management DOORS/DWA product version 9.7.2.9 is vulnerable to the below mentioned CVEs. Remediatio...

9.8CVSS10AI score0.46836EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:34 a.m.19 views

Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Race Condition Format Flaw (CVE-2024-41779) and Race Condition Servlet (CVE-2024-41787)

Summary IBM Engineering Requirements Management DOORS Next is vulnerable to CVE-2024-41779 Race Condition Format Flaw and CVE-2024-41787 Race Condition Servlet. Vulnerability Details CVEID:CVE-2024-41787 DESCRIPTION: IBM Engineering Requirements Management DOORS Next could allow a remote attacker...

9.8CVSS9.7AI score0.01093EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/11 6:7 p.m.19 views

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons Fileupload and Apache Tomcat

Summary Vulnerabilities have been identified in Apache Commons Fileupload and Apache Tomcat which are used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2016-3092 DESCRIPTIO...

9.8CVSS8.5AI score0.35927EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/03 1:35 p.m.10 views

Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Information Exposure Through Error Message (CVE-2024-39725)

Summary IBM Engineering Requirements Management DOORS Next is vulnerable to Information Exposure Through Error Message CVE-2024-39725. Vulnerability Details CVEID:CVE-2024-39725 DESCRIPTION: IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacke...

5.3CVSS5.3AI score0.00366EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/27 8:38 p.m.29 views

Security Bulletin: IBM MQ Appliance is affected by multiple Java vulnerabilities (CVE-2024-10197, CVE-2024-21208 and CVE-2024-21217)

Summary IBM MQ Appliance has addressed multiple Java vulnerabilities. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...

5.3CVSS4.8AI score0.01157EPSS
Exploits1Affected Software1
Chainguard
Chainguard
added 2025/02/25 1:11 p.m.5 views

GHSA-5P35-VXC4-5XRJ vulnerabilities

Vulnerabilities for packages: mysql...

7.3AI score
Exploits0
Chainguard
Chainguard
added 2025/02/25 1:11 p.m.6 views

GHSA-7H2X-HWCF-F9Q6 vulnerabilities

Vulnerabilities for packages: mysql...

7.3AI score
Exploits0
Chainguard
Chainguard
added 2025/02/25 1:11 p.m.5 views

GHSA-GJ89-QMXJ-Q494 vulnerabilities

Vulnerabilities for packages: mysql...

7.3AI score
Exploits0
Chainguard
Chainguard
added 2025/02/25 1:11 p.m.4 views

GHSA-H84V-W3GP-M42F vulnerabilities

Vulnerabilities for packages: mysql...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/01/23 12:0 a.m.12 views

GLSA-202501-10 : Mozilla Firefox: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202501-10 Mozilla Firefox: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description...

9.8CVSS7.4AI score0.1307EPSS
Exploits0References35
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/13 8:49 a.m.27 views

Security Bulletin: IBM Engineering Lifecycle Management is impacted by vulnerabilities in Apache Jena

Summary A vulnerability has been identified in Apache Jena - jena-core-2.7.1.jar, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2021-39239 DESCRIPTION: Apache...

9.8CVSS6.7AI score0.04007EPSS
Exploits0Affected Software1
CISA
CISA
added 2025/01/08 12:0 p.m.25 views

CISA Adds One Vulnerability to the KEV Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-0282link is external Ivanti Connect Secure Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significa...

9CVSS9.2AI score0.99971EPSS
In wildExploits13References8
Chainguard
Chainguard
added 2024/11/15 8:47 p.m.28 views

GHSA-7Q7G-4XM8-89CQ vulnerabilities

Vulnerabilities for packages: eslint...

7.3AI score
Exploits0
ICS
ICS
added 2024/06/11 12:30 p.m.8 views

Hitachi Energy FOX61x, FOXCST, and FOXMAN-UN Products

SUMMARY Hitachi Energy is aware of a vulnerability that affects the FOXMAN-UN/FOXCST versions listed below. If exploited an attacker could potentially intercept or falsify data exchanges between the client and the server. Please refer to the “Recommended Immediate Actions” for information about...

6.8CVSS6.9AI score0.00219EPSS
Exploits0References9
Trellix
Trellix
added 2023/12/13 12:0 a.m.32 views

Detecting and Visualizing Lateral Movement Attacks with Trellix XDR

Detecting and Visualizing Lateral Movement Attacks with Trellix XDR By Chintan Shah, Maulik Maheta, Ajeeth S · December 13, 2023 Executive summary With Organizations deploying multiple security controls and solutions on their network and endpoints, there is a significant gap in the way threat...

8.5AI score
Exploits0
Hacker One
Hacker One
added 2022/12/14 11:43 a.m.12 views

U.S. Dept Of Defense: Improper Access Control on Media Wiki allows an attackers to restart installation on DoD asset

An improper access control vulnerability was found on a MediaWiki website, allowing attackers to restart the installation process without authentication. The vulnerability was fixed by blocking all access to the mw-config folder...

7AI score
Exploits0
Rows per page
Query Builder