CVE-2023-23356 : QNAP QUFIREWALL UP TO 2.3.2 COMMAND INJECTION
Description A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could
CVE-2024-48889 : FORTINET FORTIMANAGER UP TO 6.4.14/7.0.12/7.2.7/7.4.4/7.6.0 FGFM REQUEST OS COMMAND INJECTION
Description An Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability [CWE-78] in FortiManager version
CVE-2023-34990 : FORTINET FORTIWLM UP TO 8.5.4/8.6.5 WEB REQUEST PATH TRAVERSAL
Description A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute
CVE-2024-47104 : IBM I 7.4/7.5 PHYSICAL FILE SECURITY ATTRIBUTES PERMISSION ASSIGNMENT
Description IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A
CVE-2024-47480 : DELL INVENTORY COLLECTOR CLIENT UP TO 12.6.X SYMLINK
Description Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege
CVE-2024-49820 : IBM SECURITY GUARDIUM KEY LIFECYCLE MANAGER 4.1/4.1.1/4.2.0/4.2.1 CLEARTEXT TRANSMISSION
Description IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive
CVE-2024-53144 : LINUX KERNEL UP TO 6.1.112/6.6.54/6.10.13/6.11.2 HCI_EVENT PRIVILEGE ESCALATION
Description In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This
CVE-2024-50379 : APACHE TOMCAT UP TO 9.0.97/10.1.33/11.0.1 JSP COMPILATION TOCTOU
Description Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file
CVE-2024-10205 : HITACHI OPS CENTER ANALYZER ON LINUX 64-BIT MISSING AUTHENTICATION
Description Authentication Bypass vulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component),
CVE-2024-12356 : BEYONDTRUST REMOTE SUPPORT & PRIVILEGED REMOTE ACCESS UP TO 24.3.1 COMMAND INJECTION
Description A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow
Why On-Premise API Security Is Critical In A Hybrid IT Environment
APIs are the glue that holds modern applications together. Facilitates smooth communication between systems. Helps ensure that business operations run
What Is Federated Identity Management (FIM)?
Federated Identity Management (FIM) is a system that allows digital identities to be shared across multiple jurisdictions, organizations, or security
What Is User And Entity Behavior Analytics (UEBA)?
User and Entity Behavior Analytics (UEBA) is a cybersecurity solution that uses advanced analytics to detect anomalies in the behavior
Why Quantum-Resistant Encryption Is Critical For Data Security?
Quantum-Resistant Encryption refers to cryptographic algorithms designed to withstand the computational capabilities of quantum computers. This is different from classical
How Can SMBs Implement Enterprise-Level API Security?
In today’s interconnected digital world, enterprise-level API security is critical for businesses of all sizes, particularly small to medium-sized businesses
What Is Cyber Warfare?
Cyber Warfare is the use of digital attacks by one country or organization to damage or disrupt another country’s critical
CVE-2024-9632 : X.ORG X SERVER UP TO 21.1.13 BITMAP_XKBSETCOMPATMAP SYM_INTERPRET HEAP-BASED OVERFLOW
Description A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker
CVE-2024-51568 : PSAUX CYBERPANEL UP TO 2.3.4 FILE MANAGER /FILEMANAGER/UPLOAD PROCESSUTILITIES.OUTPUTEXECUTIONER OS COMMAND INJECTION
Description CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka
CVE-2024-8923 : SERVICENOW NOW PLATFORM IMPROPER AUTHENTICATION
Description ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an
CVE-2024-49768 : PYLONS WAITRESS UP TO 3.0.0 ON PYTHON HTTP PIPELINING RECV_BYTES TOCTOU
Description Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a
CVE-2024-6674 : PARISNEO LOLLMS-WEBUI UP TO 9.8 PRIVATE API KEY ORIGIN VALIDATION
Description A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser
What is AI-Driven SOC?
An AI-powered Security Operations Center (SOC) represents a revolutionary change in the way organizations manage cybersecurity. By combining artificial intelligence
CVE-2024-47821 : PYLOAD UP TO 0.5.0B3.DEV86/ .PYLOAD/SCRIPTS OS COMMAND INJECTION
Description pyLoad is a free and open-source Download Manager. The folder `/.pyload/scripts` has scripts which are run when certain actions
CVE-2024-48581 : SOURCECODESTER BEST COURIER MANAGEMENT SYSTEM 1.0 ADMIN_CLASS.PHP UNRESTRICTED UPLOAD
Description File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code