PT-2024-18904 · Unknown +1 · Dash-Core-Components +2
Name of the Vulnerable Software and Affected Versions: dash-core-components versions prior to 2.13.0, dash versions prior to 2.15.0, dash-html-components versions prior to 2.0.16. Description: The issue allows an authenticated attacker to steal data visible to another user who opens a view that...
Application Security Posture Management
Accelerating the Remediation of Vulnerabilities From Code To Cloud. Written by Eric Sheridan, Chief Innovation Officer, Tromzo. In this guest blog post by Eric Sheridan, Chief Innovation Officer at valued Rapid7 partner Tromzo, you’ll learn how Rapid7 customers can utilize ASPM solutions to...
PT-2023-7266 · Xen +2 · Xen +2
Name of the Vulnerable Software and Affected Versions: Xen affected versions not specified Description: The issue arises from a mismatch in the IOMMU quarantine page table levels. On systems with no RAM above the 512GB mark, only 3 page-table levels are configured in the IOMMU, while the quaranti...
Qualys Is the Outperformer in the New GigaOm Radar Report for Continuous Vulnerability Management
GigaOm has unveiled its third-annual Radar for Continuous Vulnerability Management featuring Qualys. In this report, GigaOm provides a detailed analysis of the value and progression of vulnerability management (VM) capabilities to help organizations build the best security and vulnerability...
Microsoft Outlook Information Disclosure Vulnerability
...
ScienceLogic SL1 SQL Injection Vulnerability
ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. A SQL injection vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which can be exploited by an attacker to execute arbitrary SQL...
PT-2023-32999 · Umami · Umami
Name of the Vulnerable Software and Affected Versions: Umami affected versions not specified Description: The issue allows anyone with a share link to reset website data. When a user navigates to a /share/ URL, they receive a share token used for authentication, which is later verified by useAuth...
Open-Source Projects Use the Wordfence Vulnerability Data Feed API and You Can Too!
Prior to joining the Wordfence Threat Intelligence team, I spent several years as a vulnerability analyst, responsible for collecting, analyzing, and curating every publicly disclosed vulnerability. This meant collecting vulnerability information from almost a hundred different, disparate sources...
PT-2023-18606 · T&D +1 · Tr-71W/72W +7
Name of the Vulnerable Software and Affected Versions: T&D Corporation data logger products TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions ESPEC MIC CORP. data logger products RT-12N/RS-12N a...
CVE-2023-28427 Prototype pollution in matrix-js-sdk
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...
CVE-2022-48352
Some smartphones have data initialization issues. Successful exploitation of this vulnerability may cause a system panic...
CVE-2023-20027
| creationtimestamp | type | source |
|---|---|---|
| 2023-03-23 19:36:57+00:00 | seen | https://t.me/cibsecurity/60596 |
| 2023-03-24 11:20:58+00:00 | seen | https://t.me/truesecator/4210 |
| 2023-07-03 11:56:00+00:00 | seen | https://www.jerrygamblin.com/2023/07/03/2023-first-half-cve-data-review/... |
CVE-2020-15706
| creationtimestamp | type | source |
|---|---|---|
| 2023-03-02 13:33:13+00:00 | seen | MISP/fde9c681-95fa-4561-81cb-2ed3099c8263... |
bootstrap: XSS in the data-target attribute
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041...
CVE-2022-32519
A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert Versions prior to V7.9.0...
Exploit for Argument Injection in Atlassian Bitbucket
CVE-2022-36804: Pre-Auth RCE in Atlassian Bitbucket Server A c...
GSD-2023-1000137 netfilter: ctnetlink: fix compilation warning after data race fixes in ct mark
netfilter: ctnetlink: fix compilation warning after data race fixes in ct mark This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.83 by commi...
CVE-2022-37933
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be exploited to allow local unauthorized data injection. HPE has made the following software updates to resolve the vulnerability in HPE Superdome Flex firmware...
CVE-2022-46310
The TelephonyProvider module has a vulnerability in obtaining values. Successful exploitation of this vulnerability may affect data confidentiality...
CVE-2022-47411
An issue was discovered in the fpnewsletter aka Newsletter subscriber management extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via unsubscribeAction operations...