How Does a WAF Work?
Home How Does a WAF Work? 9.3k Views 8 min. read Learning Center Related Content What Is a WAF Policy?
What Is WAF Behavioral Analysis?
Home What Is WAF Behavioral Analysis? 8.5k Views 8 min. read Learning Center Related Content How Does WAF Detect New
CVE-2024-47823 : LIVEWIRE UP TO 3.5.1 GETCLIENTORIGINALNAME UNRESTRICTED UPLOAD
Description Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire `<
CVE-2024-46257 : NGINXPROXYMANAGER 2.11.3 REQUESTLETSENCRYPTSSLWITHDNSCHALLENGE COMMAND INJECTION
Description A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add
CVE-2024-46946 : LANGCHAIN_EXPERIMENTAL UP TO 0.3.0 SYMPY.SYMPIFY INPUT VALIDATION
Description langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses
CVE-2024-6091 : SIGNIFICANT-GRAVITAS AUTOGPT UP TO 0.5.0 DENYLIST SETTING OS COMMAND INJECTION
Description A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises
CVE-2024-44947 : LINUX KERNEL UP TO 6.1.106/6.6.47/6.10.6 FUSE FUSE_NOTIFY_STORE INFORMATION DISCLOSURE
Description In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fuse_notify_store(),
CVE-2024-44944 : LINUX KERNEL UP TO 6.10.2 CTNETLINK NF_EXPECT_GET_ID PRIVILEGE ESCALATION
Description In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use helper function to calculate expect ID
CVE-2024-42490 : GOAUTHENTIK API ENDPOINT IMPROPER AUTHORIZATION
Description authentik is an open-source Identity Provider. Several API endpoints can be accessed by users without correct authentication/authorization. The main
CVE-2024-7384 : ACYBA ACYMAILING PLUGIN UP TO 9.7.2 ON WORDPRESS ACYM_EXTRACTARCHIVE UNRESTRICTED UPLOAD
Description The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to
CVE-2024-42362 : APACHE HERTZBEAT UP TO 1.5.X /API/MONITORS/IMPORT DESERIALIZATION
Description Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in
CVE-2024-37901 : XWIKI-PLATFORM UP TO 14.10.20/15.5.4/15.10.1 AUTHORIZATION
Description XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user
CVE-2024-41010 : LINUX KERNEL 6.6 NETWORK NAME TCF_CHAIN0_HEAD_CHANGE_CB_DEL USE AFTER FREE
Description In the Linux kernel, the following vulnerability has been resolved: bpf: Fix too early release of tcx_entry Pedro Pinto
CVE-2024-21513 : LANGCHAIN-EXPERIMENTAL UP TO 0.0.20 DATABASE EVAL CODE INJECTION
Description Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values
CVE-2023-52885 : LINUX KERNEL UP TO 6.4.3 SUNRPC SVC_TCP_LISTEN_DATA_READY USE AFTER FREE
Description In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() After the listener svc_sock
CVE-2024-39677 : NHIBERNATE CORE UP TO 5.4.8/5.5.1 ILITERALTYPE.OBJECTTOSQLSTRING SQL INJECTION
Description NHibernate is an object-relational mapper for the .NET framework. A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString.
CVE-2024-37389 : APACHE NIFI UP TO 1.26.0/2.0.0-M3 PARAMETER CONTEXT CONFIGURATION DESCRIPTION CROSS SITE SCRIPTING
Description Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that
CVE-2024-2231 : HIMER PLUGIN UP TO 2.1.0 ON WORDPRESS PRIVATE GROUP AUTHORIZATION
Description The allows any authenticated user to join a private group due to a missing authorization check on a function.
CVE-2024-6172 : ICEGRAM EMAIL SUBSCRIBERS PLUGIN UP TO 5.7.25 ON WORDPRESS UNSUBSCRIBE SQL INJECTION
Description The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is
CVE-2024-36011 : LINUX KERNEL UP TO 6.6.30/6.8.9 BLUETOOTH HCI_LE_BIG_SYNC_ESTABLISHED_EVT NULL POINTER DEREFERENCE
Description In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in
CVE-2024-3927 : ELEMENT PACK ELEMENTOR ADDONS PLUGIN UP TO 5.6.3 ON WORDPRESS ACCESS CONTROL
Description The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is
CVE-2024-26922 : LINUX KERNEL UP TO 6.9-RC4 AMDGPU PRIVILEGE ESCALATION
Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more
CVE-2023-52439 : LINUX KERNEL UP TO 6.7.0 UIO IDR_FIND USE AFTER FREE
Description In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uio_open core-1 core-2 ——————————————————- uio_unregister_device
CVE-2023-6817 : LINUX KERNEL UP TO 6.6.X NFT_SET_PIPAPO.C NFT_PIPAPO_WALK USE AFTER FREE
Description A use-after-free vulnerability in the Linux kernel’s netfilter: nf_tables component can be exploited to achieve local privilege escalation. The