
Imperva Blog
added 2024/09/18 1:00 p.m.

The Rising Cost of Vulnerable APIs and Bot Attacks – A $186 Billion Wake-Up Call for Businesses

How much do bot attacks and API insecurity cost organizations? To answer this question, Imperva engaged the Marsh McLennan Cyber Risk Intelligence Center to analyze incident data related to vulnerable APIs and bot attacks. Imperva's latest report, "The Economic Impact of API and Bot Attacks,"...

AI score 7.2
Exploits: 0
Rapid7 Blog
added 2024/09/17 1:00 p.m.

Rapid7 Introduces Vector Command, a New Managed Service for Continuous Red Teaming

Rapid7 is delighted to announce the launch of Vector Command, a continuous red teaming managed service designed to assess your external attack surface and identify gaps in the security defenses on an ongoing basis. Following the launch of Surface Command and Exposure Command in August, Vector...

AI score 7.7
Exploits: 0
Microsoft CVE
added 2024/09/11 7:00 a.m.

drm/vmwgfx: Unmap the surface before resetting it on a plane state

...

CVSS 5.5 | AI score 8.8 | EPSS 0.00225
Exploits: 0
Rapid7 Blog
added 2024/09/10 1:01 p.m.

Rapid7 Named a Leader in IDC MarketScape: Worldwide SIEM for SMB and Enterprise

Rapid7 is excited to share we have been recognized as a Leader in the IDC MarketScape: Worldwide SIEM for SMB 2024 Vendor Assessment (doc US52038824, September 2024) and the IDC MarketScape: Worldwide SIEM for Enterprise 2024 Vendor Assessment (doc US51541324, September 2024). We want to thank our...

AI score 7.2
Exploits: 0
The Hacker News
added 2024/09/10 11:20 a.m.

Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

Shadow apps, a segment of Shadow IT, are SaaS applications purchased without the knowledge of the security team. While these applications may be legitimate, they operate within the blind spots of the corporate security team and expose the company to attackers. Shadow apps may include instances of...

AI score 7
Exploits: 0
Veracode
added 2024/09/10 8:10 a.m.

Expired OTP Usage

Keycloak is vulnerable to Expired OTP Usage. The vulnerability is due to OTP codes generated by FreeOTP remaining valid for an additional 30 seconds beyond their expiration time, increasing the attack window and surface by allowing two OTPs to be valid simultaneously...

CVSS 4.8 | AI score 5 | EPSS 0.00393
Exploits: 0 | References: 5 | Affected software: 1
OSV
added 2024/09/09 9:31 p.m.

GHSA-57RH-GR4V-J5F6 Duplicate Advisory: Keycloak Uses a Key Past its Expiration Date

Duplicate advisory: this advisory has been withdrawn because it is a duplicate of GHSA-xmmm-jw76-q7vg. This link is maintained to preserve external references. Original description: A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token perio...

CVSS 6.3 | AI score 5.2 | EPSS 0.00393
Exploits: 0 | References: 6
Cvelist
added 2024/09/09 6:50 p.m.

CVE-2024-7318 Keycloak-core: one time passcode (OTP) is valid longer than expiration time

A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP with the OTP token period set to the 30-second default. Instead of expiring and being deemed unusable at around 30 seconds, the tokens are valid for an additional 30 seconds, totaling 1 minute. A one time passco...

CVSS 4.8 | EPSS 0.00393
Exploits: 0 | References: 4
CVE
added 2024/09/09 6:50 p.m.

CVE-2024-7318

CVE-2024-7318 (Keycloak) describes an OTP expiry flaw: when using FreeOTP with the default 30-second token period, expired codes can still be used, effectively making OTPs valid for 60 seconds. This creates an attack window and doubles the number of valid OTPs at any time, potentially allowing ac...

CVSS 4.8 | AI score 5.2 | EPSS 0.00393
Exploits: 0 | References: 4 | Affected software: 1
RedhatCVE
added 2024/09/09 2:12 p.m.

CVE-2024-7318

A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP with the OTP token period set to the 30-second default. Instead of expiring and being deemed unusable at around 30 seconds, the tokens are valid for an additional 30 seconds, totaling 1 minute. A one time passco...

CVSS 4.8 | AI score 6.8 | EPSS 0.00393
Exploits: 0 | References: 3
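Added example, not code from Keycloak, FreeOTP or any of the CVE-2024-7318 entries above: a minimal RFC 6238 TOTP generator and verifier in Python whose look-behind window reproduces the acceptance behaviour those entries describe. With look_behind=0 a code is accepted only during its own 30-second step; with look_behind=1 the previous step's code is also accepted, so a code stays usable for 60 seconds and two codes are valid at the same instant. The secret is the public RFC 4226/6238 test-vector key, the parameter names (look_behind, look_ahead) and the timestamps are constructed for this example, and nothing here reproduces Keycloak's actual validation logic.

```python
import hashlib
import hmac
import struct

# Constructed example key: the ASCII RFC 4226/6238 test-vector secret, not a real credential.
SECRET = b"12345678901234567890"
PERIOD = 30          # token period in seconds (the Keycloak default discussed in the advisory)
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 64-bit counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, period: int = PERIOD) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, unix_time // period)


def verify(secret: bytes, code: str, unix_time: int, period: int = PERIOD,
           look_behind: int = 0, look_ahead: int = 0) -> bool:
    """Accept `code` if it matches the current step or any step inside the
    look-behind/look-ahead window (parameter names are assumptions for this example).
    look_behind=1 is the behaviour the advisory describes: a code from the
    previous 30 s step is still accepted, so the code lives for 60 s in total."""
    current = unix_time // period
    matched = False
    # Compare against every candidate step without early exit, using a
    # constant-time comparison, so timing does not reveal which step matched.
    for step in range(current - look_behind, current + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, step), code):
            matched = True
    return matched


def valid_codes(secret: bytes, unix_time: int, period: int = PERIOD,
                look_behind: int = 0, look_ahead: int = 0) -> set:
    """Every distinct code the verifier would accept at this instant."""
    current = unix_time // period
    return {hotp(secret, s) for s in range(current - look_behind, current + look_ahead + 1)}


def acceptance_seconds(secret: bytes, issued_at: int, period: int = PERIOD,
                       look_behind: int = 0, look_ahead: int = 0, limit: int = 10) -> int:
    """Seconds, starting at issued_at, during which a code generated at issued_at
    keeps verifying. Bounded by `limit` periods so a broken verifier cannot loop forever."""
    code = totp(secret, issued_at, period)
    seconds = 0
    t = issued_at
    while t < issued_at + limit * period and verify(secret, code, t, period, look_behind, look_ahead):
        seconds += 1
        t += 1
    return seconds


if __name__ == "__main__":
    issued = 30   # first second of time step 1 for a 30 s period (constructed timestamp)
    for lb in (0, 1):
        print(f"look_behind={lb}: code issued at t={issued} accepted for "
              f"{acceptance_seconds(SECRET, issued, look_behind=lb)} s, "
              f"{len(valid_codes(SECRET, issued, look_behind=lb))} code(s) valid at once")
```

Run it directly to print the acceptance window for each setting. The operational check this suggests: a one-step look-behind is a common tolerance for clock drift between the authenticator and the server, so on a real deployment generate a code, wait until the end of its period has clearly passed, and confirm the server rejects it, rather than assuming the configured period alone bounds the window.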
The Hacker News
added 2024/09/09 12:34 p.m.

One More Tool Will Do It? Reflecting on the CrowdStrike Fallout

The proliferation of cybersecurity tools has created an illusion of security. Organizations often believe that by deploying a firewall, antivirus software, intrusion detection systems, identity threat detection and response, and other tools, they are adequately protected. However, this approach n...

AI score 6.8
Exploits: 0
The Hacker News
added 2024/08/23 10:55 a.m.

Focus on What Matters Most: Exposure Management and Your Attack Surface

Read the full article for key points from Intruder's VP of Product, Andy Hornegold's recent talk on exposure management. If you'd like to hear Andy's insights first-hand, watch Intruder's on-demand webinar. To learn more about reducing your attack surface, reach out to their team today. Attack...

CVSS 10 | AI score 7.8 | EPSS 0.99999
Exploits: 43
CNNVD
added 2024/08/23 12:00 a.m.

Mattermost plugin Channel Export security vulnerability

Mattermost Plugin Channel Export is a plugin from Mattermost USA. A security vulnerability exists in Mattermost plugin Channel Export version 1.0.0 and prior versions, which stems from an inability to limit concurrent runs of the /export command. An attacker can use this vulnerability to consume...

CVSS 4.3 | AI score 6.7 | EPSS 0.00434
Exploits: 0 | References: 2
The Hacker News
added 2024/08/22 10:03 a.m.

The Facts About Continuous Penetration Testing and Why It's Important

What is Continuous Attack Surface Penetration Testing (CASPT)? Continuous Penetration Testing, or Continuous Attack Surface Penetration Testing (CASPT), is an advanced security practice that involves the continuous, automated, and ongoing penetration testing of an organization's digital...

AI score 8
Exploits: 0
SUSE CVE
added 2024/08/22 3:29 a.m.

SUSE CVE-2022-48880

In the Linux kernel, the following vulnerability has been resolved: platform/surface: aggregator: Add missing call to ssam_request_sync_free(). Although rare, ssam_request_sync_init() can fail. In that case, the request should be freed via ssam_request_sync_free(). Currently it is leaked instead. Fix this...

CVSS 4.4 | AI score 6.5 | EPSS 0.00239
Exploits: 0 | References: 8
NVD
added 2024/08/21 7:15 a.m.

CVE-2022-48880

In the Linux kernel, the following vulnerability has been resolved: platform/surface: aggregator: Add missing call to ssam_request_sync_free(). Although rare, ssam_request_sync_init() can fail. In that case, the request should be freed via ssam_request_sync_free(). Currently it is leaked instead. Fix this...

CVSS 5.5 | EPSS 0.00239
Exploits: 0 | References: 3
OSV
added 2024/08/21 7:15 a.m.

DEBIAN-CVE-2022-48880

In the Linux kernel, the following vulnerability has been resolved: platform/surface: aggregator: Add missing call to ssam_request_sync_free(). Although rare, ssam_request_sync_init() can fail. In that case, the request should be freed via ssam_request_sync_free(). Currently it is leaked instead. Fix this...

CVSS 5.5 | AI score 5 | EPSS 0.00239
Exploits: 0 | References: 1
UbuntuCve
added 2024/08/21 7:15 a.m.

CVE-2022-48880

In the Linux kernel, the following vulnerability has been resolved: platform/surface: aggregator: Add missing call to ssam_request_sync_free(). Although rare, ssam_request_sync_init() can fail. In that case, the request should be freed via ssam_request_sync_free(). Currently it is leaked instead. Fix this...

CVSS 5.5 | AI score 6.2 | EPSS 0.00239
Exploits: 0 | References: 5
OSV
added 2024/08/21 7:15 a.m.

UBUNTU-CVE-2022-48880

In the Linux kernel, the following vulnerability has been resolved: platform/surface: aggregator: Add missing call to ssam_request_sync_free(). Although rare, ssam_request_sync_init() can fail. In that case, the request should be freed via ssam_request_sync_free(). Currently it is leaked instead. Fix this...

CVSS 5.5 | AI score 6.1 | EPSS 0.00239
Exploits: 0 | References: 6
Cvelist
added 2024/08/21 6:10 a.m.

CVE-2022-48880 platform/surface: aggregator: Add missing call to ssam_request_sync_free()

In the Linux kernel, the following vulnerability has been resolved: platform/surface: aggregator: Add missing call to ssam_request_sync_free(). Although rare, ssam_request_sync_init() can fail. In that case, the request should be freed via ssam_request_sync_free(). Currently it is leaked instead. Fix this...

EPSS 0.00239
Exploits: 0 | References: 3