Blind XSS Leading to Froxlor Application Compromise
Description: A Stored Blind Cross-Site Scripting (XSS) vulnerability has been identified in the Failed Login Attempts Logging Feature of the Froxlor Application. Stored Blind XSS occurs when user input is not properly sanitized and is stored on the server, allowing an attacker to inject malicious.....
9.6CVSS
5.4AI Score
0.0004EPSS
Blind XSS Leading to Froxlor Application Compromise
Description: A Stored Blind Cross-Site Scripting (XSS) vulnerability has been identified in the Failed Login Attempts Logging Feature of the Froxlor Application. Stored Blind XSS occurs when user input is not properly sanitized and is stored on the server, allowing an attacker to inject malicious.....
9.6CVSS
5.4AI Score
0.0004EPSS
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Summary The latest version of lobe-chat(by now v0.141.2) has an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. Details visit https://chat-preview.lobehub.com/settings/agent ...
9CVSS
6.7AI Score
0.0004EPSS
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Summary The latest version of lobe-chat(by now v0.141.2) has an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. Details visit https://chat-preview.lobehub.com/settings/agent ...
9CVSS
6.9AI Score
0.0004EPSS
CVE-2024-34070 Froxlor Vulnerable to Blind XSS Leading to Froxlor Application Compromise
Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting (XSS) vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated User can inject malicious scripts in the loginname parameter on.....
9.6CVSS
8.1AI Score
0.0004EPSS
An update is available for firefox. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards...
7.5AI Score
0.0004EPSS
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.10.0 ESR. Security Fix(es): GetBoundName in the JIT returned the wrong object (CVE-2024-3852) Out-of-bounds-read after mis-optimized...
6.7AI Score
0.0004EPSS
U.S. Dept Of Defense: Subdomain takeover ████████.mil
Description: The subdomain █████.mil is pointing to peosol-lg.███████., the domain ██████ is currently available for registration as can be seen at https://www.godaddy.com/nl-nl/domainsearch/find?domainToCheck=█████ Given the rules, residency of the US, of the us-tld I decided not to register the.....
6.5AI Score
A guide to finding the right endpoint detection and response (EDR) solution for your business' unique needs. Cybersecurity has become an ongoing battle between hackers and small- and mid-sized businesses. Though perimeter security measures like antivirus and firewalls have traditionally served as.....
6.8AI Score
Researchers Uncover 'LLMjacking' Scheme Targeting Cloud-Hosted AI Models
Cybersecurity researchers have discovered a novel attack that employs stolen cloud credentials to target cloud-hosted large language model (LLM) services with the goal of selling access to other threat actors. The attack technique has been codenamed LLMjacking by the Sysdig Threat Research Team....
9.8CVSS
7.1AI Score
0.975EPSS
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1567)
The remote host is missing an update for the Huawei...
7.5AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1589)
The remote host is missing an update for the Huawei...
7.5AI Score
0.0004EPSS
CVE-2024-3070 Last Viewed Posts by WPBeginner <= 1.0.0 - Unauthenticated PHP Object Injection
The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the LastViewedPosts Cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known...
9.8CVSS
9.9AI Score
0.001EPSS
CVE-2024-3070 Last Viewed Posts by WPBeginner <= 1.0.0 - Unauthenticated PHP Object Injection
The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the LastViewedPosts Cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known...
9.8CVSS
7.4AI Score
0.001EPSS
CVE-2022-31629: Add cookie integrity validation CVE-2024-2756: Move cookie integrity validation...
6.5CVSS
9.2AI Score
0.006EPSS
With this new offering, Qualys establishes itself as the first and only vendor solution with the unique ability to scan AWS Bottlerocket instances directly using the Qualys Cloud Agent and TotalCloud Agent-less Snapshot-Based Scan. This innovative capability empowers organizations to...
7.6AI Score
How AI enhances static application security testing (SAST)
In a 2023 GitHub survey, developers reported that their top task, second only to writing code (32%), was finding and fixing security vulnerabilities (31%). As their teams "shift left" and integrate security checks earlier into the software development lifecycle (SDLC), developers have become the...
7.8AI Score
How to Create Collaboration and Shared Goals with IT and Security Teams
In today’s ITSM landscape, merging IT operations and security practices is no longer “ideal”, but imperative. According to a recent Gartner® Board of Directors Survey 1, 88% of respondents indicated that their organization perceives cybersecurity as a business risk. This was up from 58% in 2016,...
7.4AI Score
1Panel arbitrary file write vulnerability
Summary There are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. We can use the following mirror configuration write symbol > to achieve arbitrary file writing PoC Dockerfile ``` FROM bash:latest.....
6.5CVSS
7.7AI Score
0.0004EPSS
1Panel arbitrary file write vulnerability
Summary There are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. We can use the following mirror configuration write symbol > to achieve arbitrary file writing PoC Dockerfile ``` FROM bash:latest.....
6.5CVSS
7.7AI Score
0.0004EPSS
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details ** CVEID: CVE-2019-13224 DESCRIPTION: **oniguruma is vulnerable to a denial of service,...
10CVSS
10AI Score
0.05EPSS
Github Enterprise Authenticated Remote Code Execution
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...
9.8CVSS
8AI Score
0.046EPSS
New Guide: How to Scale Your vCISO Services Profitably
Cybersecurity and compliance guidance are in high demand among SMEs. However, many of them cannot afford to hire a full-time CISO. A _v_CISO can answer this need by offering on-demand access to top-tier cybersecurity expertise. This is also an opportunity for MSPs and MSSPs to grow their business.....
7.1AI Score
In cybersecurity, the battle against ransomware is a pivotal challenge for organizations worldwide. Attackers are consistently refining their methods, highlighting the critical need for businesses to remain proactive in their defense strategies. To effectively address this threat, it is essential.....
7.6AI Score
EulerOS 2.0 SP10 : golang (EulerOS-SA-2024-1567)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not...
7.5AI Score
0.0004EPSS
AlmaLinux 9 : git-lfs (ALSA-2024:2724)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:2724 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining...
8AI Score
0.0004EPSS
EulerOS 2.0 SP10 : golang (EulerOS-SA-2024-1589)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not...
6.6AI Score
0.0004EPSS
API Security and The Silent Menace of Unknown APIs
The digital application landscape is evolving rapidly, with APIs as the backbone of modern software development. However, amidst all this innovation lies a silent menace: the prevalence of unknown APIs. These APIs, often lurking beyond sanctioned channels, pose significant security risks to...
7.8AI Score
How implementing a trust fabric strengthens identity and network
The identity security landscape is transforming rapidly. Every digital experience and interaction is an opportunity for people to connect, share, and collaborate. But first, we need to know we can trust those digital experiences and interactions. Customers note a massive rise in the sheer number...
7AI Score
A SaaS Security Challenge: Getting Permissions All in One Place
Permissions in SaaS platforms like Salesforce, Workday, and Microsoft 365 are remarkably precise. They spell out exactly which users have access to which data sets. The terminology differs between apps, but each user's base permission is determined by their role, while additional permissions may...
7.1AI Score
(RHSA-2024:2764) Important: Red Hat JBoss Enterprise Application Platform 8.0 security update
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0. Security Fix(es): undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)...
7.4AI Score
EPSS
(RHSA-2024:2763) Important: Red Hat JBoss Enterprise Application Platform 8.0 security update
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 8.0. Security Fix(es): undertow: Cookie Smuggling/Spoofing (CVE-2023-4639)...
7.4AI Score
EPSS
The Fundamentals of Cloud Security Stress Testing
״Defenders think in lists, attackers think in graphs," said John Lambert from Microsoft, distilling the fundamental difference in mindset between those who defend IT systems and those who try to compromise them. The traditional approach for defenders is to list security gaps directly related to...
7.4AI Score
Security Bulletin: Multiple vulnerabilities in jquery affect IBM Storage Scale
Summary There are multiple vulnerabilities in jquery, used by IBM Storage Scale HDFS transparency, which could allow cross-site scripting, caused by improper validation of user-supplied input. Vulnerability Details ** CVEID: CVE-2012-6708 DESCRIPTION: **jQuery is vulnerable to cross-site...
6.1CVSS
9.8AI Score
0.008EPSS
NTLM Relay Gat - Powerful Tool Designed To Automate The Exploitation Of NTLM Relays
NTLM Relay Gat is a powerful tool designed to automate the exploitation of NTLM relays using ntlmrelayx.py from the Impacket tool suite. By leveraging the capabilities of ntlmrelayx.py, NTLM Relay Gat streamlines the process of exploiting NTLM relay vulnerabilities, offering a range of...
8.3AI Score
Best API Security Product: Wallarm wins 2024 Cybersecurity Excellence Award
We are thrilled to announce that Wallarm has clinched the sought-after 2024 Cybersecurity Excellence Award, under the category Best API Security Product. Our unwavering commitment to pioneering solutions that safeguard digital ecosystems, and fortify API security amidst the evolving cyber threat...
7.3AI Score
K11342432 : BIG-IP HTTP non-RFC-compliant security exposure
Security Advisory Description This issue occurs when a non-RFC-compliant HTTP request is received by a virtual server on a system matching one of the following conditions: BIG-IP 15.1.0 and later version with a virtual server with an HTTP profile with Enforce RFC Compliance enabled. All supported.....
7.2AI Score
Debian dla-3810 : libapache2-mod-php7.3 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3810 advisory. In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's...
6.5CVSS
7AI Score
0.006EPSS
Oracle Linux 9 : golang (ELSA-2024-2562)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2562 advisory. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or...
7.5CVSS
7.9AI Score
0.0005EPSS
RHEL 8 / 9 : Red Hat JBoss Enterprise Application Platform 8.0 (RHSA-2024:2764)
The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2764 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This...
5.3CVSS
6.2AI Score
EPSS
[SECURITY] [DLA 3810-1] php7.3 security update
Debian LTS Advisory DLA-3810-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin May 07, 2024 https://wiki.debian.org/LTS Package : php7.3 Version : 7.3.31-1~deb10u6 CVE ID :...
6.5CVSS
8.2AI Score
0.006EPSS
Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk. This will lead to exposure of sensitive information for unauthorized access, potentially leading to severe...
6.5CVSS
6.6AI Score
0.0004EPSS
Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk. This will lead to exposure of sensitive information for unauthorized access, potentially leading to severe...
6.5CVSS
6.7AI Score
0.0004EPSS
Summary There is a vulnerability in AntiSamy 1.7.4 used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details ** CVEID: CVE-2024-23635 DESCRIPTION: **AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote...
6.1CVSS
6.3AI Score
0.0004EPSS
Summary There is a vulnerability in AntiSamy 1.7.4 used by IBM Maximo Asset Management . Vulnerability Details ** CVEID: CVE-2024-23635 DESCRIPTION: **AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this...
6.1CVSS
6.5AI Score
0.0004EPSS
Summary There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Planning Analytics Local - Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics Local - Planning Analytics Workspace 2.1.2 and IBM Planning Analytics Local -...
9.8CVSS
10AI Score
EPSS
A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect update checks to an...
2.8CVSS
5.4AI Score
0.0004EPSS
A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect update checks to an...
2.8CVSS
7.1AI Score
0.0004EPSS
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...
9.8CVSS
9.9AI Score
0.1EPSS
A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect update checks to an...
2.8CVSS
5.4AI Score
0.0004EPSS