CVE-2023-50292 : APACHE SOLR UP TO 8.11.2/9.2.X PERMISSION ASSIGNMENT
Description Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects
CVE-2024-24830 : OPENOBSERVE UP TO 0.7.X ROLE-BASED ACCESS CONTROL /API/{ORG_ID}/USERS IMPROPER AUTHORIZATION
Description OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A
RBI Mandated Web Application Firewall On Digital Products | Prophaze
The Reserve Bank of India (RBI) has recently mandated the implementation of web application firewalls (WAFs) and DDoS mitigation techniques
CVE-2024-23673 : APACHE SLING SERVLETS RESOLVER UP TO 2.10.X SCRIPT PATH TRAVERSAL
Description Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver.This issue affects all version of
CVE-2024-22853 : D-LINK GO-RT-AC750 101B03 HARD-CODED PASSWORD
Description D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access
CVE-2024-22320 : IBM OPERATIONAL DECISION MANAGER UP TO 8.12.0.1 REQUEST DESERIALIZATION
Description IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute
CVE-2024-24573 : WILLYXJ FACILEMANAGER UP TO 4.5.0 POST REQUEST PROCESSPOST.PHP AUTHORIZATION
Description facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier,
CVE-2024-21649 : VANTAGE6 UP TO 4.1.X ENVIRONMENT VARIABLE CODE INJECTION
Description The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC).
CVE-2024-1015 : SE-ELEKTRONIC E-DDC3.3 03.07.03 WEB CONFIGURATION CODE INJECTION
Description Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands
What Is DNS Water Torture?
DNS Water Torture is a type of DDoS attack that targets the Domain Name System (DNS), a critical component of
CVE-2024-0841 : LINUX KERNEL HUGETLB PAGE HUGETLBFS_FILL_SUPER NULL POINTER DEREFERENCE
Description A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality.
CVE-2024-22099 : LINUX KERNEL UP TO 6.7 CORE.C NULL POINTER DEREFERENCE
Description NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers.
What Is Jenkins? What Are The Best Practices For Jenkins Security?
Jenkins is an open-source automation server that has emerged as a popular tool for streamlining software development workflows. In this
CVE-2024-23636 : SOFASTACK SOFA-RPC UP TO 5.11.X SOFA HESSIAN PROTOCOL DESERIALIZATION
Description SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while
What Are CLDAP Attacks? What are the Risks and impacts of such attacks?
Connectionless Lightweight Directory Access Protocol (CLDAP) is a network protocol used for querying and modifying directory information services, such as
CVE-2024-0775 : LINUX KERNEL UP TO 6.4-RC1 EXT4 FILE SYSTEM FS/EXT4/SUPER.C __EXT4_REMOUNT USE AFTER FREE
Description A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows
CVE-2023-32272 : INTEL NUC PRO SOFTWARE SUITE CONFIGURATION TOOL PRIOR 3.0.0.6 UNCONTROLLED SEARCH PATH
Description Uncontrolled search path in some Intel NUC Pro Software Suite Configuration Tool software installers before version 3.0.0.6 may allow
CVE-2023-40683 : IBM OPENPAGES WITH WATSON 8.3/9.0 IMPROPER AUTHORIZATION
Description IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization
CVE-2024-0646 : LINUX KERNEL TLS /NET/TLS/TLS_SW.C TLS_SW_SENDMSG_SPLICE OUT-OF-BOUNDS WRITE
Description An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user
CVE-2023-50164 : ORACLE MYSQL ENTERPRISE MONITOR 8.0.36 AND PRIOR MONITORING REMOTE CODE EXECUTION
Description An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to
CVE-2023-22527 : ATLASSIAN CONFLUENCE DATA CENTER/CONFLUENCE SERVER PRIOR 8.5.4 TEMPLATE INJECTION
Description Summary of Vulnerability A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated
What Are GRE-IP UDP Floods?
Generic Routing Encapsulation (GRE) is a tunneling protocol that encapsulates various network protocols within Internet Protocol (IP) packets. User Datagram
‘Rapid Reset’ DDoS Strikes Amplify With HTTP/2 Vulnerability
In recent months, a groundbreaking cyber threat has emerged, shaking the foundations of web security and challenging major cloud infrastructure
CVE-2023-7028 : GITLAB COMMUNITY EDITION/ENTERPRISE EDITION UP TO 16.7.1 PASSWORD RESET UNKNOWN VULNERABILITY
Description An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to