CVE-2023-4831 : Ncode Ncep Prior 20230914 SQL Injection
Description Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ncode Ncep allows SQL Injection. This
Formjacking is a malicious practice where cybercriminals inject malicious JavaScript code into e-commerce websites to steal users’ payment card details
Description Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of
Application Programming Interfaces (APIs) play a vital role in modern software development, enabling communication and integration between different systems. However,
Description User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer,
MicroK8s is a versatile tool for deploying Kubernetes clusters with minimal overhead. However, when dealing with production-like projects or even
Description IBM Aspera Faspex 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP
Description Potential security vulnerabilities have been identified in Hewlett Packard Enterprise OneView Software. These vulnerabilities could be remotely exploited to
The Rising Threat of Massive Cyberattacks Cyberattacks have increased in complexity and scale, making it imperative for organizations and individuals
Description A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services
In today’s digital landscape, APIs have become the backbone of modern software development, enabling seamless integration and data exchange between
Description Memory corruption in WLAN Firmware while parsing received GTK Keys in GTK KDE. References https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin For More Information CVERecord
Securing Seamless Traffic Distribution on E-commerce Websites In today’s digital landscape, e-commerce websites are essential to connecting businesses with consumers.
Description A vulnerability was found in Tenda AC8 16.03.34.06_cn_TDC01. It has been declared as critical. Affected by this vulnerability is
Description Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected
Description Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability
Prophaze’s Prevention of Attacks on the Government Industry It is crucial for government agencies that depend on digital infrastructure to
Description Due to improper input validation, a remote attacker could execute arbitrary commands on the target system. References https://csirt.divd.nl/CVE-2023-25915 https://csirt.divd.nl/DIVD-2023-00025
Description N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hardcoded root password which allows attackers to login
Description Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior
Description Dispatch is an open source security incident management tool. The server response includes the JWT Secret Key used for
Description IBM Security Guardium 10.6, 11.3, 11.4, and 11.5 could allow a remote authenticated attacker to execute arbitrary commands on
Description Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI.
Lack of resources and rate limiting are security vulnerabilities that occur when an API does not have enough resources to