Lucene search
K

26 matches found

HackRead
HackRead
added 2026/04/29 8:33 a.m.7 views

Top AI-Powered Vendor Risk Management Platforms for SaaS Companies in 2026

Top AI-powered vendor risk platforms for SaaS companies in 2026, compare tools, features, and how to choose the…...

5.3AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/27 3:45 a.m.6 views

CVE-2026-7084

A vulnerability was found in HBAI-Ltd Toonflow-app up to 1.1.1. This affects the function fetch of the file src/routes/setting/vendorConfig/getCodeByLink.ts of the component getCodeByLink Endpoint. The manipulation of the argument Link results in server-side request forgery. The attack may be...

6.5CVSS5AI score0.00262EPSS
Exploits0References6Affected Software1
The Hacker News
The Hacker News
added 2026/04/03 11:0 a.m.8 views

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

The next major breach hitting your clients probably won't come from inside their walls. It'll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor nobody in IT knows about. That's the new attack surface, and most organizations are underprepared for it...

6.1AI score
Exploits0
HackRead
HackRead
added 2025/11/10 4:11 p.m.3 views

Why Organizations Can’t Ignore Vendor Risk Assessment in Today’s Cyber-Threat Landscape

In an era where digital ecosystems extend far beyond a company’s internal network, enterprise cybersecurity is no longer…...

7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2025/11/07 2:0 p.m.12 views

Threat Landscape of the Building and Construction Sector, Part One: Initial Access, Supply Chain, and the Internet of Things

In 2025, the construction industry stands at the crossroads of digital transformation and evolving cybersecurity risks, making it a prime target for threat actors. Cyber adversaries, including ransomware operators, organized cybercriminal networks, and state-sponsored APT groups from countries su...

6.9AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2025/09/24 12:0 a.m.4 views

Domino Effect: How One Vendor's AI App Breach Toppled Giants

A single AI chatbot breach at Salesloft-Drift exposed data from 700+ companies, including security leaders. The attack shows how AI integrations expand risk, and why controls like IP allow-listing, token security, and monitoring are critical...

7.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 6:52 a.m.6 views

CVE-2024-28139

The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Therefore, the privileges can be escalated to the root user. The risk has been accepted by the vendor and won't be fixed in the near future...

8.8CVSS7.2AI score0.007EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2016-9798

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In BlueZ 5.42, a use-after-free was identified in confopt function in tools/parser/l2cap.c source file. This issue can be triggered by processing a corrupted du...

5.3CVSS6.4AI score0.03806EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2012-3386

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The make distcheck rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a...

4.4CVSS7.6AI score0.00474EPSS
Exploits1References2
NVD
NVD
added 2024/12/11 4:15 p.m.20 views

CVE-2024-28139

The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Therefore, the privileges can be escalated to the root user. The risk has been accepted by the vendor and won't be fixed in the near future...

8.8CVSS0.007EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/11 3:36 p.m.39 views

CVE-2024-28139 Privilege escalation through sudo misconfiguration

The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Therefore, the privileges can be escalated to the root user. The risk has been accepted by the vendor and won't be fixed in the near future...

0.007EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/11 3:36 p.m.14 views

CVE-2024-28139 Privilege escalation through sudo misconfiguration

The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Therefore, the privileges can be escalated to the root user. The risk has been accepted by the vendor and won't be fixed in the near future...

7.2AI score0.007EPSS
Exploits0References1
CVE
CVE
added 2024/12/11 3:36 p.m.57 views

CVE-2024-28139

The CVE-2024-28139 issue involves the www-data user gaining root privileges because sudo is configured to permit the mount command to run as root without a password. This is a privilege escalation via sudo misconfiguration, not a flaw in a specific application feature. The current narrative acros...

8.8CVSS6.8AI score0.007EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2024/03/21 11:30 a.m.19 views

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the Sa...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/11/02 9:24 a.m.46 views

SaaS Security is Now Accessible and Affordable to All

This new product offers SaaS discovery and risk assessment coupled with a free user access review in a unique "freemium" model Securing employees' SaaS usage is becoming increasingly crucial for most cloud-based organizations. While numerous tools are available to address this need, they often...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/10/04 11:54 a.m.38 views

Wing Disrupts the Market by Introducing Affordable SaaS Security

Today, mid-sized companies and their CISOs are struggling to handle the growing threat of SaaS security with limited manpower and tight budgets. Now, this may be changing. By focusing on the critical SaaS security needs of these companies, a new approach has emerged that can be launched for $1,50...

7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/11/24 7:0 p.m.20 views

[Security Nation] Chris John Riley on Minimum Viable Secure Product (MVSP)

!\Security Nation\ Chris John Riley on Minimum Viable Secure Product \MVSP\https://blog.rapid7.com/content/images/2021/11/securitynationlogo--1--2.jpg In the final installment of Season 4 of Security Nation, Jen and Tod sit down with Chris John Riley, senior security engineer at Google and co-hos...

6.7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/10/22 3:49 p.m.27 views

2022 Planning: Designing Effective Strategies to Manage Supply Chain Risk

Supply chains are on everyone's mind right now — from consumer-tech bottlenecks to talks of holiday-season toy shortages. Meanwhile, cyberattacks targeting elements of the supply chain have become increasingly common and impactful — making this area of security a top priority as organizations...

7.1AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/09/08 1:48 p.m.23 views

Security at Scale in the Open-Source Supply Chain

“We’ve all heard of paying it forward, but this is ridiculous!” That’s probably what most of us think when one of our partners or vendors inadvertently leaves an open door into our shared supply-chain network; an attacker can enter at any time. Well, we probably think in slightly more...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/08/23 2:9 p.m.20 views

Navigating Vendor Risk Management as IT Professionals

One of the great resources available to businesses today is the large ecosystem of value-added services and solutions. Especially in technology solutions, there is no end to the services of which organizations can avail themselves. In addition, if a business needs a particular solution or service...

0.7AI score
Exploits0
Rows per page
Query Builder