Lucene search
K

296 matches found

CVE
CVE
added 2025/09/18 9:22 p.m.22 views

CVE-2025-52873

CVE-2025-52873 affects Cognex In-Sight Explorer and In-Sight Camera Firmware. The vulnerability arises from a telnet service on port 23 that supports management operations (e.g., firmware upgrades, reboots) requiring authentication. A user with protected privileges can invoke SetSystemConfig to m...

8.1CVSS6.5AI score0.00293EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/18 12:0 a.m.7 views

PT-2025-38489

Name of the Vulnerable Software and Affected Versions Cognex In-Sight Explorer and In-Sight Camera Firmware affected versions not specified Description The software exposes a telnet-based service on port 23, intended for management operations like firmware upgrades and device reboots that require...

8.1CVSS6.3AI score0.00293EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2025/09/03 9:41 p.m.4 views

Rejected reason: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded.

...

7AI score
Exploits0
OSV
OSV
added 2025/08/18 9:0 p.m.3 views

GHSA-3XW7-V6CJ-5Q8H Copier's safe template has arbitrary filesystem read/write access

Impact Copier's current security model shall restrict filesystem access through Jinja: - Files can only be read using % include ... %, which is limited by Jinja to reading files from the subtree of the local template clone in our case. - Files are written in the destination directory according to...

8.5CVSS6AI score0.0024EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2025/08/17 12:0 a.m.3 views

Fortifying the Agentic Web: a Unified Zero-Trust Architecture against Logic-Layer Threats

This paper presents a Unified Security Architecture that fortifies the Agentic Web through a Zero-Trust IAM framework. This architecture is built on a foundation of rich, verifiable agent identities using Decentralized Identifiers DIDs and Verifiable Credentials VCs, with discovery managed by a...

6.8AI score
Exploits0
Debian CVE
Debian CVE
added 2025/07/23 12:0 a.m.3 views

CVE-2025-46686

Redis through 8.0.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user. This occurs because the server allocates memory for the command arguments of every bulk, even when the command is skipped because of insufficient permissions. NOTE: this i...

3.5CVSS5.3AI score0.00263EPSS
Exploits0
OpenVAS
OpenVAS
added 2025/07/18 12:0 a.m.6 views

XWiki 16.10.0-rc-1 < 16.10.4, 17.0.0-rc-1 < 17.1.0 RCE Vulnerability (GHSA-rhfv-688c-p6hp)

Xwiki is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

8.8CVSS7.9AI score0.0078EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2025/07/01 11:0 a.m.9 views

A New Maturity Model for Browser Security: Closing the Last-Mile Risk

Despite years of investment in Zero Trust, SSE, and endpoint protection, many enterprises are still leaving one critical layer exposed: the browser. It's where 85% of modern work now happens. It's also where copy/paste actions, unsanctioned GenAI usage, rogue extensions, and personal devices crea...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/11 10:0 a.m.13 views

How to Build a Lean Security Model: 5 Lessons from River Island

In today’s security landscape, budgets are tight, attack surfaces are sprawling, and new threats emerge daily. Maintaining a strong security posture under these circumstances without a large team or budget can be a real challenge. Yet lean security models are not only possible - they can be highl...

7.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 11:43 p.m.6 views

CVE-2022-21707

wasmCloud Host Runtime is a server process that securely hosts and provides dispatch for web assembly WASM actors and capability providers. In versions prior to 0.52.2 actors can bypass capability authorization. Actors are normally required to declare their capabilities for inbound invocations, b...

8.1CVSS6.7AI score0.00947EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:45 p.m.8 views

CVE-2022-47551

Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before...

6.5CVSS6.8AI score0.00604EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 9:29 p.m.8 views

CVE-2021-3195

bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory e.g., outside the /.bitcoin directory via a dumpwallet RPC call. NOTE: this reportedly does not violate the security model of Bitcoin Core, but can violate the security model of a fork that has implemented...

7.5CVSS7AI score0.01172EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2025/05/22 12:0 a.m.5 views

Dynamic Encryption-Based Cloud Security Model Using Facial Image and Password-Based Key Generation for Multimedia Data

In this cloud-dependent era, various security techniques, such as encryption, steganography, and hybrid approaches, have been utilized in cloud computing to enhance security, maintain enormous storage capacity, and provide ease of access. However, the absence of data type-specific encryption and...

6.9AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2025/05/15 4:0 p.m.14 views

​​How the Microsoft Secure Future Initiative brings Zero Trust to life

In this blog, you'll learn more about how the Microsoft Secure Future Initiative SFI—a real-world case study on Zero Trust—aligns with Zero Trust strategies. We’ll share key updates from the April 2025 SFI progress report and practical Zero Trust guidance to help you strengthen your organization’...

7.5AI score
Exploits0
OSV
OSV
added 2025/04/30 4:40 p.m.11 views

GHSA-HG79-FW4P-25P8 Volcano Scheduler Denial of Service via Unbounded Response from Elastic Service/extender Plugin

Impact This issue allows an attacker who has compromised either the Elastic service or the extender plugin to cause denial of service of the scheduler. This is a privilege escalation, because Volcano users may run their Elastic service and extender plugins in separate pods or nodes from the...

7.2CVSS6.8AI score0.00396EPSS
Exploits0References14
The Hacker News
The Hacker News
added 2025/03/31 11:0 a.m.20 views

5 Impactful AWS Vulnerabilities You're Responsible For

If you're using AWS, it's easy to assume your cloud security is handled - but that's a dangerous misconception. AWS secures its own infrastructure, but security within a cloud environment remains the customer's responsibility. Think of AWS security like protecting a building: AWS provides strong...

6.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2025/02/14 5:27 a.m.4 views

SUSE CVE-2024-23445

It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.htmlsecurity-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the fieldsecurity parameter, an...

6.5CVSS6.6AI score0.00456EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.25 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Elastic Elasticsearch sensitive information disclosure vulnerabilitiy( CVE-2024-23451)

Summary Potential Elastic Elasticsearch sensitive information disclosure vulnerabilitiy CVE-2024-23451 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-23451...

6.5CVSS8.4AI score0.00435EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/14 6:49 p.m.8 views

CVE-2025-23042 Gradio Blocked Path ACL Bypass Vulnerability

Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Gradio's Access Control List ACL for file paths can be bypassed by altering the letter case of a blocked file or directory path. This...

8.7CVSS6.2AI score0.00836EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2024/12/11 12:0 a.m.6 views

Amazon Linux 2 : kernel (ALAS-2021-1634)

The version of kernel installed on the remote host is prior to 4.14.231-173.361. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1634 advisory. A low severity issue was found in the Nitro Enclaves Linux kernel driver that could lead to local privilege escalation. The...

5.6AI score
Exploits0References1
Rows per page
Query Builder