CVE-2024-38319 : IBM SECURITY SOAR 51.0.2.0 CODE INJECTION
Description IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially crafted script.
What Is Insecure HTTPS Cookies And Their Risks?
HTTPS cookies, essential for website functionality and user experience, become a security liability when not adequately secured. These small data
CVE-2024-4295 : ICEGRAM EXPRESS EMAIL SUBSCRIBERS PLUGIN UP TO 5.7.20 ON WORDPRESS HASH SQL INJECTION
Description The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in
CVE-2024-32976 : ENVOY UP TO 1.27.5/1.28.3/1.29.4/11.30.1 DECOMPRESSION INFINITE LOOP
Description Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an
Why Should Insider Threats Be A Top Concern For Your Business?
Insider threats refer to security risks caused by people inside an organization who are authorized to access confidential systems, data,
Prophaze’s Comprehensive Approach to API Security in Modern Healthcare
Prophaze’s Comprehensive Approach to API Security in the Patient-Centric Digital Health Era In the realm of modern healthcare, where digital
CVE-2024-4267 : PARISNEO LOLLMS-WEBUI UP TO 9.5 OPEN_FILE COMMAND INJECTION
Description A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the ‘open_file’ module, version 9.5. The vulnerability
CVE-2024-21683 : ATLASSIAN CONFLUENCE DATA CENTER UP TO 8.9.0 PRIVILEGE ESCALATION
Description This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.
CVE-2024-3927 : ELEMENT PACK ELEMENTOR ADDONS PLUGIN UP TO 5.6.3 ON WORDPRESS ACCESS CONTROL
Description The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is
What is Cross-Site Request Forgery (CSRF)?
Cross-Site Request Forgery (CSRF) is an attack method that tricks users into performing an unwanted action on a website they
CVE-2024-4984 : YOAST SEO PLUGIN UP TO 22.6 ON WORDPRESS DISPLAY_NAME CROSS SITE SCRIPTING
Description The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all
Navigating HTTP/2 Vulnerabilities: Continuation Floods and Rapid Resets
In the realm of web security, the evolution of protocols brings both advancements and vulnerabilities. The HTTP/2 protocol, known for
CVE-2024-32002 : GIT SUBMODULE .GIT/ PATH TRAVERSAL
Description Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with
CVE-2024-28761 : IBM APP CONNECT ENTERPRISE UP TO 11.0.0.25/12.0.12.0 CROSS SITE SCRIPTING
Description IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker
CVE-2024-29212 : VEEAM SERVICE PROVIDER CONSOLE 8/UP TO 7 MANAGEMENT AGENT DESERIALIZATION
Description Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management
10 Essential Strategies For Securing Endpoints
In our interconnected digital era, endpoints represent the gateways to an organization’s digital assets. Unfortunately, they also stand as prime
What Is SlowLoris DDoS Attacks?
SlowLoris DDoS Attacks are a type of stealthy, low-and-slow layer 7 Distributed Denial of Service (DDoS) attack that targets web
CTEM Framework In Cloud Security
Significant challenges have marked the cloud security landscape as organizations increasingly rely on cloud services. In 2023, 82% of data
When To Use Multicloud?
Multicloud involves utilizing two or more cloud service providers, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud
CVE-2024-21508 : MYSQL2 UP TO 3.9.3 READCODEFOR BIGNUMBERSTRINGS CODE INJECTION
Description Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due
CVE-2024-27899 : SAP NETWEAVER AS JAVA USER MANAGEMENT ENGINE 7.50 USER ADMIN APPLICATION PASSWORD RECOVERY
Description Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security
What Is A CI/CD Pipeline? Definition, Benefits, And Best Practices
Continuous Integration (CI) focuses on frequently merging code changes from multiple developers into a shared repository. It involves automatically building
CVE-2024-29008 : APACHE CLOUDSTACK UP TO 4.18.1.0/4.19.0.0 EXTRACONFIG ACCESS CONTROL
Description A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone
CVE-2024-21473 : QUALCOMM SNAPDRAGON FILE NAME MEMORY CORRUPTION
Description Memory corruption while redirecting log file to any file location with any file name. References https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html For More Information