Incorrect Control over DrayTek Vigor Router
Overview : On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to
CVE-2024-33898 : AXIROS AXXESS AUTO CONFIGURATION SERVER 4.X/5.0.0 AUTHORIZATION
Description Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 has Incorrect Access Control. An authorization bypass allows remote attackers
FiberHome HG2201T Pre-Auth RCE
Overview : FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files. Affected Product(s) : FiberHome HG2201T Vulnerability
What Is WAF Machine Learning?
Home What Is WAF Machine Learning? 2.3k Views 7 min. read Learning Center Related Content What Is Zero-Day Protection in
Can a CDN Slow Down a Website?
Home Can a CDN Slow Down a Website? 8.2k Views 7 min. read Learning Center Related Content What Is CDN
What Is an API Data Breach?
Home What Is an API Data Breach? 1.3k Views 8 min. read Learning Center Related Content What Is Broken Authentication?
What Is API Fuzz Testing?
Home What Is API Fuzz Testing? 4.4k Views 8 min. read Learning Center Related Content What Is API Behavior Analytics?
What Is a WAF False Positive?
Home What Is a WAF False Positive? 6.8k Views 7 min. read Learning Center Related Content What Is WAF Evasion?
What Is WAF Behavioral Analysis?
Home What Is WAF Behavioral Analysis? 8.5k Views 8 min. read Learning Center Related Content How Does WAF Detect New
What Is IP Whitelisting in WAF?
Home What Is IP Whitelisting in WAF? 5.4k Views 7 min. read Learning Center Related Content What Is a WAF
What Is JWT?
Home What Is JWT? 5.1k Views 6 min. read Learning Center Related Content What Is OAuth? What Is API Encryption?
How To Secure Generative AI Systems Against Emerging Threats
Generative AI, driven by advanced machine learning techniques, is revolutionizing industries by creating text, images, music, and virtual environments. These
Vulnerability Assessment And Penetration Testing (VAPT)
Why would your Business need VAPT? It is very necessary to conduct a network security audit periodically to ensure the
What Is Broken Object Level Authorization? How To Prevent Such Vulnerabilities?
Broken Object Level Authorization is a security vulnerability that allows an attacker to access and manipulate data or functionality that
CVE-2023-26489 : WASMTIME 4.0.0/5.0.0/6.0.0 ON 64-BIT OUT-OF-BOUNDS WRITE
Description wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime’s code generator, Cranelift, has a bug
What Is Remote Code Execution? How Does It works?
What Is Remote Code Execution? Remote Code Execution or RCE, also known as arbitrary code execution is a network vulnerability
OWASP Top 10 API security
The OWASP Top 10 API security is a classification of the most common attacks on the web. The vulnerabilities exploited
Vulnerability Assessment and Penetration Testing (VAPT)
Why would your Business need VAPT? It is very necessary to conduct a network security audit periodically to ensure the
Rockwell Automation RSLinx Classic versions 4.1.00 and prior, an authenticated local attacker could modify a registry key
Overview : In Rockwell Automation RSLinx Classic versions 4.1.00 and prior, an authenticated local attacker could modify a registry key,
Apache HTTP Server 2.4 vulnerabilities
Overview : In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might
Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.
[vc_row][vc_column][vc_column_text] Overview : Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as
cPanel before 84.0.20 allows a demo account to achieve remote code execution
Overview : cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544).
cPanel before 82.0.18 Account bypass vulnerability
Overview : cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions (SEC-508). Affected