Detect & Address the Top 10 MITRE ATT&CK Techniques for Ransomware Using Policy Compliance
In cybersecurity, the battle against ransomware is a pivotal challenge for organizations worldwide. Attackers are consistently refining their methods, highlighting the critical need for businesses to remain proactive in their defense strategies. To effectively address this threat, it is essential.....
7.6 AI Score
K000139558 : Multiple Node.JS vulnerabilities CVE-2023-46809, CVE-2024-21892, and CVE-2024-22019
Security Advisory Description CVE-2023-46809 This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available. Learn more about the Reserved state here. CVE-2024-21892 On Linux, Node.js ignores certain environment...
7.5 CVSS
0.0004 EPSS
Security Bulletin: AIX is vulnerable to a denial of service due to libxml2 (CVE-2024-25062)
Summary Vulnerability in libxml2 could allow a remote attacker to cause a denial of service (CVE-2024-25062). AIX uses libxml2 as part of its XML parsing functions. Vulnerability Details CVEID: CVE-2024-25062 DESCRIPTION: GNOME libxml2 is vulnerable to a denial of service, caused by a...
7.5 CVSS
6.6 AI Score
0.0005 EPSS
API Security and The Silent Menace of Unknown APIs
The digital application landscape is evolving rapidly, with APIs as the backbone of modern software development. However, amidst all this innovation lies a silent menace: the prevalence of unknown APIs. These APIs, often lurking beyond sanctioned channels, pose significant security risks to...
7.8 AI Score
Summary The org.eclipse.core.runtime component is used by TPF Toolkit as part of the basic platform infrastructure (CVE-2023-4218). Additionally, the Apache commons-compress package is used by TPF Toolkit web applications services as part of the code coverage feature (CVE-2024-26308,...
5.5 CVSS
6.3 AI Score
0.001 EPSS
IntelBroker Hacker Claims Breach of Top Cybersecurity Firm, Selling Access
By Waqas The notorious IntelBroker hacker claims to have breached a leading cybersecurity company (revenue: $1.8 billion). The hacker is selling access to stolen data, including sensitive credentials and critical logs, for $20,000 in cryptocurrency. This is a post from HackRead.com Read the...
7.2 AI Score
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - Jan 2024 - Includes...
7.5 CVSS
7.4 AI Score
0.001 EPSS
Summary Potential unspecified vulnerability in Java SE related to the VM component (CVE-2024-20926) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details **...
5.9 CVSS
7.1 AI Score
0.001 EPSS
Summary Potential unspecified vulnerability in Java SE related to the VM component (CVE-2024-20918) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details **...
7.4 CVSS
6.9 AI Score
0.001 EPSS
Summary Potential unspecified vulnerability in Java SE related to the VM component (CVE-2024-20921) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details **...
5.9 CVSS
7 AI Score
0.001 EPSS
Summary Potential unspecified vulnerability in Java SE related to the VM component (CVE-2024-20919) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details **...
5.9 CVSS
6.9 AI Score
0.0005 EPSS
[SECURITY] [DSA 5683-1] chromium security update
Debian Security Advisory DSA-5683-1 [email protected] https://www.debian.org/security/ Andres Salomon May 08, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-4558 CVE-2024-4559...
7.7 AI Score
Spin applications with specific configuration vulnerable to potential network sandbox escape
Impact Some specifically configured Spin applications that use self requests without a specified URL authority can be induced to make requests to arbitrary hosts via the Host HTTP header. If an application's manifest contains a component with configuration such as toml allowed_outbound_hosts =...
9.1 CVSS
7.3 AI Score
Summary IBM MQ is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM MQ have been published in a security bulletin CVE-2023-26159, CVE-2024-25015, CVE-2024-25048, CVE-2024-20952, CVE-2023-33850, CVE-2023-6237, CVE-2024-0727 Vulnerability Details...
7.5 CVSS
7.4 AI Score
0.002 EPSS
Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL...
8.8 AI Score
libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_write_bits function. This issue can be triggered when the function is fed with specially crafted input, which leads to out-of-bounds read and can potentially cause a crash or other unintended...
7.2 AI Score
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at...
8.9 AI Score
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at...
8.9 AI Score
[SECURITY] [DLA 3811-1] python-idna security update
Debian LTS Advisory DLA-3811-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin May 08, 2024 https://wiki.debian.org/LTS Package : python-idna Version : 2.6-1+deb10u1 CVE ID ...
6.3 AI Score
LiteSpeed Cache Plugin XSS Vulnerability Affects 1.8M WordPress Sites
By Deeba Ahmed Is your WordPress site using LiteSpeed Cache? A recent surge in malicious JavaScript injections targets vulnerable versions. Learn how to identify the signs of infection and prevent future attacks. Patch, scan, and secure your WordPress site today! This is a post from HackRead.com...
6.2 AI Score
Citrix Hypervisor Security Update for CVE-2024-31497
Description of Problem Versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR included a 3rd-party component, PuTTY, that is used to enable SSH connections from XenCenter to guest VMs when the “Open SSH Console” button is selected. The inclusion of PuTTY with XenCenter for Citrix Hypervisor 8.2.....
7 AI Score
0.0005 EPSS
Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to the deletion of arbitrary files stored on the server...
6.5 CVSS
7.3 AI Score
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at...
8.9 AI Score
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at...
8.9 AI Score
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at...
8.9 AI Score
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at...
8.9 AI Score
Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an insecure deserialization vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable...
2.2 CVSS
8.4 AI Score
Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution
Cisco Talos' Vulnerability Research team recently disclosed three zero-day vulnerabilities that are still unpatched as of Wednesday, May 8. Two vulnerabilities in this group -- one in the Tinyproxy HTTP proxy daemon and another in the stb_vorbis.c file library -- could lead to arbitrary code...
9.8 CVSS
9.5 AI Score
0.001 EPSS
obrassomusic.nl Cross Site Scripting vulnerability OBB-3926897
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
johncoostore.com Cross Site Scripting vulnerability OBB-3926896
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/cloudInterface.php. The manipulation of the argument INSTI_CODE leads to sql injection. It is possible to initiate the attack remotely......
6.3 CVSS
7.9 AI Score
@hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Prior to 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.js vm module. However, the vm module is not safe for sandboxing untrusted Javascript code. This is because code inside the....
8.3 CVSS
7.5 AI Score
PTC Codebeamer is vulnerable to a cross site scripting vulnerability that could allow an attacker to inject and execute malicious...
7.1 CVSS
6.7 AI Score
An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached...
6.8 CVSS
7.2 AI Score
A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1 and classified as critical. Affected by this issue is some unknown functionality of the file /xds/outIndex.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The...
6.3 CVSS
7.8 AI Score
Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use self requests without a specified URL authority can be induced to make requests to arbitrary hosts via the Host HTTP header....
9.1 CVSS
7.4 AI Score
Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. However, this issue cannot be exploited by an attacker because it is not consistently reproducible and is beyond an attacker's control. ....
6.5 CVSS
7.3 AI Score
An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support (EoTS) are not...
7.4 CVSS
7.2 AI Score
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at...
8.9 AI Score
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at...
8.9 AI Score
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at...
8.9 AI Score
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at...
8.9 AI Score
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at...
8.9 AI Score
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at...
8.9 AI Score
When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not...
7.5 CVSS
7.1 AI Score
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at...
8.9 AI Score
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at...
8.9 AI Score
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the idlist parameter at...
8.9 AI Score
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at...
8.9 AI Score
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at...
8.9 AI Score