How Safe Are Your SaaS Data Backups?
In today’s digital environment, discussions about SaaS data backups often revolve around three important questions. How can we protect data
CVE-2024-5822 : GAIZHENBIAO CHUANHUCHATGPT UP TO 20240410 SERVER-SIDE REQUEST FORGERY
Description A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions
CVE-2024-5980 : LIGHTNING-AI PYTORCH-LIGHTNING UP TO 2.2.4 API ENDPOINT /V1/RUNS UNRESTRICTED UPLOAD
Description A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz
CVE-2024-5751 : BERRIAI LITELLM UP TO 1.35.8 ENVIRONMENT VARIABLE ADD_DEPLOYMENT CODE INJECTION
Description BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the
CVE-2024-5826 : VANNA-AI VANNA SRC/VANNA/BASE/BASE.PY VANNA.ASK CODE INJECTION
Description In the latest version of vanna-ai/vanna, the `vanna.ask` function is vulnerable to remote code execution due to prompt injection.
CVE-2024-3330 : SPOTFIRE ANALYST/SERVER/FOR AWS MARKETPLACE PRIVILEGE ESCALATION
Description Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the
CVE-2024-6127 : BC SECURITY EMPIRE UP TO 5.9.2 PATH TRAVERSAL
Description BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution.
CVE-2024-2973 : JUNIPER NETWORKS SESSION SMART ROUTER AUTHENTICATION BYPASS
Description An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running
CVE-2024-36755 : D-LINK DIR-1950 UP TO 1.11B03 SSL CERTIFICATE VALIDATION
Description D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL.
CVE-2024-36075 : NETWRIX COSOSYS ENDPOINT PROTECTOR/COSOSYS UNIFY APPLICATION CONFIGURATION IMPROPER AUTHENTICATION
Description Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the
CVE-2024-5642 : PYTHON SOFTWARE CPYTHON UP TO 3.9.X SSLCONTEXT.SET_NPN_PROTOCOLS BUFFER OVERFLOW
Description CPython 3.9 and earlier doesn’t disallow configuring an empty list (“[]”) for SSLContext.set_npn_protocols() which is an invalid value for