CVE-2020-26296
CVE-2020-26296 concerns a cross-site scripting (XSS) vulnerability in the Vega visualization library used in the npm package, present in Vega before version 5.17.3. The vulnerability arises from specially crafted Vega expressions that could cause arbitrary JavaScript execution on a victim’s machi...
CVE-2020-26296 XSS in Vega
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Vega is an npm package. In Vega before version 5.17.3 there is an XSS vulnerability in Vega expressions. Through a specially crafted Vega expression, an attacker could execut...
Watcher - Open Source Cybersecurity Threat Hunting Platform
Watcher is a Django & React JS automated platform for discovering new potential cybersecurity threats targeting your organisation. It should be used on webservers and is available on Docker. Watcher capabilities Detect emerging vulnerability, malware using social network & other RSS sources...
Tangro Business Workflow Security Vulnerability
Tangro Business Workflow is software from the German company Tangro that allows you to visualize the internal control and approval processes of SAP document content. A security vulnerability exists in tangro Business Workflow before 1.18.1, which can be exploited to manipulate documents attache...
Add Security Events to Your Monitoring Tools
Real-time monitoring is important in every organization because it enables stakeholders to understand what is happening at any given time and react quickly. There are a lot of systems and devices we can and should monitor using tools such as application performance monitoring, digital performance...
Gping - Ping, But With A Graph
Ping, but with a graph. Install FYI: The old Python version can be found under the python tag. Homebrew MacOS + Linux brew tap orf/brew brew install gping Binaries Windows Download the latest release from the github releases page. Extract it and move it to a directory on your PATH. Cargo cargo...
Visualizing Network Traffic Data to Drive Action
Top 5 multi group queries for analyzing network sensor data We launched the Insight Network Sensor earlier this year and have since seen great adoption from both new and existing customers. The main use case behind this success is the need for network visibility. Customers want to know what is...
Welcome to ThreatPursuit VM: A Threat Intelligence and Hunting Virtual Machine
Skilled adversaries can deceive detection and often employ new measures in their tradecraft. Keeping a stringent focus on the lifecycle and evolution of adversaries allows analysts to devise new detection mechanisms and response processes. Access to the appropriate tooling and resources is critic...
Manuka - A Modular OSINT Honeypot For Blue Teamers
Manuka is an open-source intelligence (OSINT) honeypot that monitors reconnaissance attempts by threat actors and generates actionable intelligence for Blue Teamers. It creates a simulated environment consisting of staged OSINT sources, such as social media profiles and leaked credentials, and trac...
lightning-server cross-site scripting vulnerability
lightning-server is a personal developer npm library for data visualization applications. The library provides API-based access to reproducible Web-based interactive visualizations. A security vulnerability exists in all versions of lightning-server, which can be exploited by an attacker to inje...
CVE-2020-14854
Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion component: UI and Visualization. The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Infrastructu...
Design/Logic Flaw
Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion component: UI and Visualization. The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Infrastructu...
CVE-2020-14854
CVE-2020-14854 affects Oracle Hyperion Infrastructure Technology UI and Visualization (affected 11.1.2.4). Vulnerability allows a high-privileged attacker with network access via HTTP to compromise data with user interaction required; impact to confidentiality and integrity is indicated (CVE CVSS...
Visualize Visitor Prioritization in Real Time with mPulse
The internet has become one of the most important access points in our daily lives. Unexpected surges in demand can slow web pages and create service outages for unprepared websites. A poor user experience leads to dissatisfied customers, making it more critical than ever to visualize and control...
Define What to Parse From Logs with the Custom Parsing Tool in InsightIDR
Data is essential to any SIEM. Generally, this data is collected from logs, endpoints, and networks. All of this data paints a holistic picture of your network so you have constant visibility into what’s going on, and where. When it comes to security data, log data is the primary driver. In...
SAP 3D Visual Enterprise Viewer Input Validation Error Vulnerability (CNVD-2020-53167)
SAP 3D Visual Enterprise Viewer is a free 3D visualization viewer for Windows. An input validation error vulnerability exists in SAP 3D Visual Enterprise Viewer 9, which can be exploited by an attacker to cause an application crash via a specially crafted EPS file...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.5.8 security update
An update for cluster-network-operator-container, cluster-version-operator-container, elasticsearch-operator-container, logging-kibana6-container, and ose-cluster-svcat-controller-manager-operator-container is now available for Red Hat OpenShift Container Platform 4.5. Red Hat Product Security ha...
Exploit for Improper Access Control in Elasticsearch
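Bug reports are welcome. Current version: AssetScanV1.3. Timeline: Initial release: November 28, 2019, V1.0 first version completed. Revision 1: December 2, 2019, thanks to Shadow·J for reporting a file import error on Kali. Revision 2: December 3, 2019, V1.1 released, added ARP liveness detection (rolled back, testing for bugs). Revision 3: December 4, 2019, V1.2 released, fixed errors in the vulnerability scripts, fixed the weblogic script. Revision 4: December 5, 2019, V1.2 modified, thanks to sevck for design ideas and for pointing out non-standard code. Revision 5: December 5, 2019, V1.2 modified, fixed an IP data handling error. Revision 6: December 19, 2019...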