CVE-2024-8923 : SERVICENOW NOW PLATFORM IMPROPER AUTHENTICATION
Description ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an
CVE-2024-49768 : PYLONS WAITRESS UP TO 3.0.0 ON PYTHON HTTP PIPELINING RECV_BYTES TOCTOU
Description Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a
CVE-2024-6674 : PARISNEO LOLLMS-WEBUI UP TO 9.8 PRIVATE API KEY ORIGIN VALIDATION
Description A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser
What is AI-Driven SOC?
An AI-powered Security Operations Center (SOC) represents a revolutionary change in the way organizations manage cybersecurity. By combining artificial intelligence
CVE-2024-47821 : PYLOAD UP TO 0.5.0B3.DEV86/ .PYLOAD/SCRIPTS OS COMMAND INJECTION
Description pyLoad is a free and open-source Download Manager. The folder `/.pyload/scripts` has scripts which are run when certain actions
CVE-2024-48581 : SOURCECODESTER BEST COURIER MANAGEMENT SYSTEM 1.0 ADMIN_CLASS.PHP UNRESTRICTED UPLOAD
Description File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code
CVE-2024-20329 : CISCO ASA UP TO 9.19.1.18 EXPRESSION/COMMAND DELIMITERS
Description A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker
CVE-2024-47575 : FONTINET FORTIMANAGER UP TO 7.6.0 REQUEST MISSING AUTHENTICATION
Description A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0
CVE-2024-47901 : SIEMENS INTERMESH 7177 HYBRID 2.0 SUBSCRIBER PRIOR 8.2.12 WEB SERVER OS COMMAND INJECTION
Description A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber
CVE-2024-50066 : LINUX KERNEL UP TO 6.6.57/6.11.4 MREMAP MEMORY CORRUPTION
Description In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix move_normal_pmd/retract_page_tables race In mremap(), move_page_tables() looks at
CVE-2024-31880 : IBM DB2/DB2 CONNECT SERVER 10.5/11.1/11.5 SQL STATEMENT ALLOCATION OF RESOURCES
Description IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a
CVE-2024-48919 : GETCURSOR UP TO 0.41 INPUT VALIDATION
Description Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated
CVE-2024-45335 : TREND MICRO ANTIVIRUS ONE UP TO 3.10.5 SCAN DETECTION PRIVILEGE ESCALATION
Description Trend Micro Antivirus One, version 3.10.4 and below contains a vulnerability that could allow an attacker to use a
CVE-2024-45518 : SYNACOR ZIMBRA COLLABORATION SUITE HTTP REQUEST SERVER-SIDE REQUEST FORGERY
Description An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and
What is Cybersecurity Mesh Architecture?
Cybersecurity Network Architecture (CSMA) is a flexible, deployable approach that decentralizes security controls. Move the security perimeter from a centralized
CVE-2024-9473 : PALO ALTO GLOBALPROTECT APP UP TO 5.1/6.1/6.2.4/6.3 ON WINDOWS REPAIR UNNECESSARY PRIVILEGES
Description A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows
CVE-2024-9463 : PALO ALTO EXPEDITION UP TO 1.2.95 DEVICE CONFIGURATION OS COMMAND INJECTION
Description An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands
CVE-2024-47763 : BYTECODEALLIANCE WASMTIME UP TO 21.0.1/22.0.0/23.0.2/24.0.0/25.0.1 CONTROL FLOW
Description Wasmtime is an open source runtime for WebAssembly. Wasmtime’s implementation of WebAssembly tail calls combined with stack traces can
CVE-2024-46292 : OWASP MODSECURITY 3.0.12 INPUT NAME DENIAL OF SERVICE
Description A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input
CVE-2024-25825 : FYDEOS FOR PC EMPTY PASSWORD IN CONFIGURATION FILE
Description FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 were
CVE-2024-8015 : PROGRESS TELERIK REPORTING UP TO 10.2.24.806 EXTERNALLY-CONTROLLED INPUT TO SELECT CLASSES OR CODE
Description In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through
CVE-2024-47422 : ADOBE FRAMEMAKER UP TO 2020.6/2022.4 UNTRUSTED SEARCH PATH
Description Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Untrusted Search Path vulnerability that could lead to
CVE-2024-47666 : LINUX KERNEL UP TO 6.6.50/6.10.9 PM80XX PM8001_PHY_CONTROL STACK-BASED OVERFLOW
Description In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Set phy->enable_completion only when we wait for
CVE-2024-9286 : TRTEK SOFTWARE DISTANT EDUCATION PLATFORM PRIOR 3.2024.11 SQL INJECTION
Description Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’), Improper Input Validation vulnerability in TRtek Software