Proactive Tactics to Conquer Shadow API Threats Today
In the fast-evolving landscape of digital technology, the emergence of shadow APIs poses a growing risk for organizations, opening doors
CVE-2024-24830 : OPENOBSERVE UP TO 0.7.X ROLE-BASED ACCESS CONTROL /API/{ORG_ID}/USERS IMPROPER AUTHORIZATION
Description OpenObserve is a observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A
CVE-2023-6817 : LINUX KERNEL UP TO 6.6.X NFT_SET_PIPAPO.C NFT_PIPAPO_WALK USE AFTER FREE
Description A use-after-free vulnerability in the Linux kernel’s netfilter: nf_tables component can be exploited to achieve local privilege escalation. The
CVE-2023-32460 : DELL POWEREDGE PLATFORM PRIOR 2.20.1 BIOS MISSING AUTHENTICATION
Description Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability,
Vulnerability Assessment And Penetration Testing (VAPT)
Why would your Business need VAPT? It is very necessary to conduct a network security audit periodically to ensure the
CVE-2023-2163 : Linux Kernel 5.4 BPF kernel/bpf/verifier.c backtrack_insn calculation
Description Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe,
What Is Broken Function Level Authorization?
Application Programming Interfaces (APIs) play a vital role in modern software development, enabling communication and integration between different systems. However,
CVE-2023-30691 : SAMSUNG SMART PHONE AUTHENTICATIONCONFIG IMPROPER AUTHENTICATION
Description Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1 allows local attacker to privilege escalation. References https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=08 For
What Is Broken Object Level Authorization? How To Prevent Such Vulnerabilities?
Broken Object Level Authorization is a security vulnerability that allows an attacker to access and manipulate data or functionality that
API Security
Prophaze API Security AI-Powered Protection for Every API. Zero Compromise Prophaze API Security offers next-gen protection for your APIs with
CVE-2023-0240 : LINUX KERNEL UP TO 5.10.160 IO_URING IO_PREP_ASYNC_WORK USE AFTER FREE
Description There is a logic error in io_uring’s implementation which can be used to trigger a use-after-free vulnerability leading to
CVE-2023-22809 : SUDO UP TO 1.9.12.P1 ENVIRONMENT VARIABLE SUDO_EDITOR/VISUAL/EDITOR PROTECTION MECHANISM
Description In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR,
CVE-2022-36924 : ZOOM ROOMS PRIOR 5.12.6 ON WINDOWS INSTALLER UNCONTROLLED SEARCH PATH
Description The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user
MVID-2022-0655 : BACKDOOR.WIN32.REMSERV.D SERVICE PORT 26103 BACKDOOR
Description A vulnerability has been found in Backdoor.Win32.RemServ.d and classified as critical. This vulnerability affects unknown code of the component
CVE-2022-43752 : ORACLE SOLARIS 10 COMMON DESKTOP ENVIRONMENT FORMAT STRING
Description Oracle Solaris version 10 1/13, when using the Common Desktop Environment (CDE), is vulnerable to a privilege escalation vulnerability.
CVE-2022-40684 : FORTINET FORTIOS/FORTIPROXY ADMINISTRATIVE INTERFACE IMPROPER AUTHORIZATION
Description A vulnerability was found in Fortinet FortiOS and FortiProxy. It has been classified as very critical. This affects an
CVE-2022-39959 : PANINI EVEREST ENGINE 2.0.4 EVEREST.EXE UNTRUSTED SEARCH PATH
Description Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads
CVE-2022-36961 : SOLARWINDS ORION PLATFORM VERB SQL INJECTION
Description A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege
CVE-2022-31676 : VMWARE TOOLS 10.X.Y/11.X.Y/12.0.0 ACCESS CONTROL
Description VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access
CVE-2022-28877 : F-SECURE WITHSECURE ENDPOINT PROTECTION ON WINDOWS ACCESS CONTROL
Description This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be
CVE-2022-32481 : DELL EMC POWERPROTECT CYBER RECOVERY UP TO 19.10 ACCESS CONTROL
Description Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged
CVE-2022-34008 : COMODO ANTIVIRUS 12.2.2.8012 QUARANTINE ACCESS CONTROL
Description Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privileged attacker can use
Gradle up to 7.1 on Unix application/gradlew os command injection
A vulnerability was found in Gradle up to 7.1 on Unix. It has been declared as critical. Affected by this
CVE-2021-24369
In the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form,