Lucene search
K

361 matches found

Krebs on Security
Krebs on Security
added 2024/08/23 2:12 p.m.13 views

Local Networks Go Global When Domain Names Collide

The proliferation of new top-level domains TLDs has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didnt exist at the time. Meaning, they are continuously sending their Windows usernam...

7.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/07/25 12:0 a.m.19 views

The vulnerability of the `/settings/store` API of the pgAdmin database management tool allows a hacker to perform a cross-site scripting attack.

The vulnerability of the /settings/store API of the pgAdmin database management tool is related to the lack of security measures for the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...

7.4CVSS6.9AI score0.00461EPSS
Exploits1References5Affected Software3
Hacker One
Hacker One
added 2024/06/26 2:41 a.m.51 views

HackerOne: Hackers can Invite Collaborators Without 2FA on Programs Requiring 2FA

Vulnerability description not provided...

7.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/06/18 12:0 a.m.6 views

The vulnerability of the Identity Manager software component, used for managing and controlling access to corporate resources and IBM Security Verify Governance applications, allows a perpetrator to execute arbitrary code.

The vulnerability of the Identity Manager software component, which is used for managing and controlling access to corporate resources and applications in IBM Security Verify Governance, is related to the lack of security measures taken to protect the website structure. Exploiting this...

4.2CVSS6.7AI score0.00301EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/15 5:48 p.m.18 views

amphp/http-client Header leakage on cross-domain redirects

amphp/http-client has a security weakness that might leak sensitive request headers from the initial request to the redirected host on cross-domain redirects, which were not removed correctly. Message::setHeaders does not replace the entire set of headers, but only operates on the headers matchin...

7AI score
Exploits0References4Affected Software1
OSV
OSV
added 2024/05/15 5:48 p.m.13 views

GHSA-8JP9-MPV9-98RJ amphp/http-client Header leakage on cross-domain redirects

amphp/http-client has a security weakness that might leak sensitive request headers from the initial request to the redirected host on cross-domain redirects, which were not removed correctly. Message::setHeaders does not replace the entire set of headers, but only operates on the headers matchin...

4CVSS7AI score
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
added 2024/05/15 12:0 a.m.19 views

amphp/http-client Header leakage on cross-domain redirects

amphp/http-client has a security weakness that might leak sensitive request headers from the initial request to the redirected host on cross-domain redirects, which were not removed correctly. Message::setHeaders does not replace the entire set of headers, but only operates on the headers matchin...

7AI score
Exploits0References5Affected Software1
NVD
NVD
added 2024/05/07 9:15 p.m.31 views

CVE-2024-34346

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading /proc/self/environ may provide access...

9CVSS8.4AI score0.00368EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/19 5:1 p.m.21 views

CVE-2022-40745 IBM Aspera Faspex information disclosure

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. IBM X-Force ID: 236452...

5.5CVSS5.5AI score0.00137EPSS
Exploits0References2
CERT
CERT
added 2024/04/16 12:0 a.m.41 views

Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models

Overview Lambda Layers in third party TensorFlow-based Keras models allow attackers to inject arbitrary code into versions built prior to Keras 2.13 that may then unsafely run with the same permissions as the running application. For example, an attacker could use this feature to trojanize a...

9.8CVSS9.7AI score0.01745EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/03/21 12:0 a.m.3 views

PT-2024-20485 · Cdex · Cdex

Name of the Vulnerable Software and Affected Versions: CDeX application versions through 5.7.1 Description: The issue is related to a weak password recovery mechanism in the CDeX application, which allows the retrieval of a password reset token. Recommendations: For versions through 5.7.1, update...

8CVSS6.4AI score0.00598EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/03/05 12:36 a.m.4 views

edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message

A security weakness was identified in EDK2, the open-source reference implementation of the UEFI specification, revealing a buffer overflow vulnerability. This vulnerability enables an unauthorized attacker within proximity on the network to transmit a specifically crafted DHCPv6 Advertise messag...

8.8CVSS6.4AI score0.01186EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/03/04 2:3 a.m.2 views

edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message

A security weakness was identified in EDK2, the open-source reference implementation of the UEFI specification, revealing a buffer overflow vulnerability. This vulnerability enables an unauthorized attacker within proximity on the network to transmit a specifically crafted DHCPv6 Advertise messag...

8.8CVSS6.4AI score0.01186EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2024/02/19 12:0 a.m.6 views

The vulnerability of the monitoring tool for VMware Aria Operations lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the monitoring tool for VMware Aria Operations is related to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

7.7CVSS6.3AI score0.00498EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/02/07 2:51 p.m.98 views

CVE-2024-24771

Open Forms CVE-2024-24771 affects multiple versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2, with a non-exploitable MFA weakness that could allow a second-factor bypass if a superuser’s credentials are compromised. Attack could let the attacker view sensitive submissions or impersonate staff if b...

7.7CVSS5.8AI score0.00599EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2024/01/30 12:0 a.m.5 views

Tenda AC10U setSmartPowerManagement function stack buffer overflow vulnerability

Tenda AC10U is a wireless router from Tenda China. A stack buffer overflow vulnerability exists in the Tenda AC10U setSmartPowerManagement function, which is caused by a failure of the setSmartPowerManagement function to properly boundary check. An attacker can exploit this vulnerability to cause...

9.8CVSS8AI score0.00894EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/01/19 12:0 a.m.5 views

IBM OpenPages with Watson Security Vulnerability

IBM OpenPages with Watson is an AI-powered financial risk analytics solution. The platform is based on AI technology to predict risk factors and minimize risk in financial activities by integrating, automatically identifying, measuring, monitoring, analyzing, and managing risk data through a numb...

8.1CVSS6.8AI score0.00528EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/01/16 3:30 p.m.30 views

Privilege escalation for users that can access mock configuration

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, whic...

9.8CVSS7.6AI score0.01552EPSS
Exploits1References10Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/11/15 12:0 a.m.9 views

The vulnerability of the XML Sitemap Generator plugin for the WordPress content management system allows attackers to execute XSS attacks.

The vulnerability of the XML Sitemap Generator plugin for the WordPress content management system exists due to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform XSS attacks remotely...

6.4CVSS6.2AI score0.02205EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/11/01 12:0 a.m.32 views

IBM WebSphere Application Server Liberty 23.0.0.9 < 23.0.0.11 Security Weakness (7058356)

The IBM WebSphere Application Server Liberty running on the remote host is 23.0.0.9 prior to 23.0.0.11. It may, therefore, provide weaker than expected security due to improper resource expiration handling. Note that Nessus has not tested for this issue but has instead relied only on the...

9.8CVSS6.7AI score0.00456EPSS
Exploits0References2
Rows per page
Query Builder