CVE-2024-4879 : SERVICENOW NOW PLATFORM IMPROPER VALIDATION OF SPECIFIED TYPE OF INPUT
Description ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This
CVE-2024-39677 : NHIBERNATE CORE UP TO 5.4.8/5.5.1 ILITERALTYPE.OBJECTTOSQLSTRING SQL INJECTION
Description NHibernate is an object-relational mapper for the .NET framework. A SQL injection vulnerability exists in some types implementing ILiteralType.ObjectToSQLString.
CVE-2024-39830 : MATTERMOST UP TO 9.5.5/9.6.2/9.7.4/9.8.0 SHARED CHANNEL IMPROPER AUTHENTICATION
Description Mattermost versions 9.8.x
CVE-2024-25943 : DELL INTEGRATED REMOTE ACCESS CONTROLLER 9 PRIOR 7.00.00.172/7.10.50.00 RANDOM VALUES
Description iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking
CVE-2024-37140 : DELL POWERPROTECT DD PRIOR 8.0 OS COMMAND INJECTION
Description Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability
CVE-2024-22459 : DELL ECS UP TO 3.6.2.5/3.7.0.6/3.8.0.4 ACCESS CONTROL
Description Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access
CVE-2024-25110 : AZURE AZURE-UAMQP-C 1.0 OPEN_GET_OFFERED_CAPABILITIES USE AFTER FREE
Description The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation
CVE-2024-24573 : WILLYXJ FACILEMANAGER UP TO 4.5.0 POST REQUEST PROCESSPOST.PHP AUTHORIZATION
Description facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier,
CVE-2023-22527 : ATLASSIAN CONFLUENCE DATA CENTER/CONFLUENCE SERVER PRIOR 8.5.4 TEMPLATE INJECTION
Description Summary of Vulnerability A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated
CVE-2023-6270 : LINUX KERNEL ATA OVER ETHERNET DRIVER AOECMD_CFG_PKTS USE AFTER FREE
Description A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly
CVE-2023-48239 : NEXTCLOUD SERVER/ENTERPRISE SERVER UP TO 27.1.3 EXTERNAL STORAGE ACCESS CONTROL
Description Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to
CVE-2022-42920 : ORACLE UTILITIES APPLICATION FRAMEWORK UP TO 4.2.0.3.0/4.3.0.6.0/4.4.0.0.0/4.4.0.2.0 GENERAL REMOTE CODE EXECUTION
Description Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due
CVE-2023-32485 : Dell SmartFabric Storage Software Up To 1.3 Input Validation
Description Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may
CVE-2022-38777 : ELASTIC ENDPOINT SECURITY ON WINDOWS PRIVILEGES MANAGEMENT
Description An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users
Latest Spring Vulnerabilities Exploitation – CVE-2022-22965
Are you having a Spring MVC or Spring WebFlux application running on JDK version 9 or higher? Then ensure that
Latest Spring Vulnerabilities Exploitation – CVE-2022-22965
Are you having a Spring MVC or Spring WebFlux application running on JDK version 9 or higher? Then ensure that
OWASP Top 10 API security
The OWASP Top 10 API security is a classification of the most common attacks on the web. The vulnerabilities exploited
CVE-2021-44228 – Apache log4j up to 2.14.1 JNDI LDAP Server Lookup format string
Zero-Day RCE Vulnerability CVE-2021-44228 aka Critical Apache Log4j Remote Code Execution Vulnerability(Log4Shell)Affects Java Background on Apache log4j Apache log4j 2
OWASP 2021 Detailed Report: See What’s Changed!
Everyone knowing about OWASP must be curious about what’s modified withinside the Top 10 for 2021. Here’s What’s New in
Intel BSSA DFT initialization [CVE-2021-0144]
A potential security vulnerability in the customer build time configuration for the Intel BIOS Shared SW Architecture (BSSA) Design for
CVE-2021-24372
The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER[‘REQUEST_URI’] before
CVE-2019-25047
Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) before 5.0.10 allow XSS during 404 URL handling in gsad.
CVE-2021-24373
The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the historyvalue GET
CVE-2021-3535
Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console’s Filtered Asset Search feature. A specific