From sophos.com

Cybersecurity as a Service Delivered | Sophos

We Deliver Superior Cybersecurity Outcomes for Real-World Organizations Worldwide with a Broad Portfolio of Advanced Security Products and Services.

#cve #sophos #firewall #vulnerability #infosec #cybersecurity

22h ago

From elastic.co

Kibana 8.15.1 Security Update (ESA-2024-27, ESA-2024-28)

Kibana arbitrary code execution via YAML deserialization in Amazon Bedrock Connector (ESA-2024-27). A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic...

#cve #elastic #vulnerability #kibana

on Sep 5

From cvefeed.io

CVE-2024-12066 - WordPress SMSA Shipping Plugin Remote File Deletion Vulnerability

The SMSA Shipping(official) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsa_delete_label() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with Subscriber-level access and...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

5h ago

From cvefeed.io

CVE-2024-12771 - WordPress eCommerce Product Catalog Cross-Site Request Forgery (CSRF)

The eCommerce Product Catalog Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect nonce validation on the 'customer_panel_password_reset' function. This makes it possible for...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

5h ago

From cvefeed.io

CVE-2024-11349 - AdForest WordPress Authentication Bypass Vulnerability

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the theme not properly verifying a user's identity prior to authenticating them through the sb_login_user_with_otp_fun() function. This makes it possible for...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

7h ago

From cvefeed.io

CVE-2023-31279 - AirVantage Unauthorized Device Registration Remote Command Execution

The AirVantage platform is vulnerable to an unauthorized attacker registering previously unregistered devices on the AirVantage platform when the owner has not disabled the AirVantage Management Service on the devices or registered the device. This could enable an attacker to configure, manage,...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

12h ago

From cvefeed.io

CVE-2024-56359 - Grist-Core JavaScript URL Injection Vulnerability (Cross-Site Scripting)

grist-core is a spreadsheet hosting server. A user visiting a malicious document and clicking on a link in a HyperLink cell using a control modifier (meaning for example Ctrl+click) could have their account compromised, since the link could use the javascript: scheme and be evaluated in the...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

13h ago

From cvefeed.io

CVE-2024-56358 - Grist-Core SVG Evaluation Vulnerability

grist-core is a spreadsheet hosting server. A user visiting a malicious document and previewing an attachment could have their account compromised, because JavaScript in an SVG file would be evaluated in the context of their current page. This issue has been patched in version 1.3.2. Users are...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

13h ago

From cvefeed.io

CVE-2024-56357 - Grist-Core Unvalidated Redirect Vulnerability

grist-core is a spreadsheet hosting server. A user visiting a malicious document or submitting a malicious form could have their account compromised, because it was possible to use the `javascript:` scheme with custom widget URLs and form redirect URLs. This issue has been patched in version...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

13h ago

From cvefeed.io

CVE-2024-37758 - Digiteam Endpoint Unauthenticated Privilege Escalation

Improper access control in the endpoint /RoleMenuMapping/AddRoleMenu of Digiteam v4.21.0.0 allows authenticated attackers to escalate privileges.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

16h ago

From cvefeed.io

CVE-2024-56327 - pyrage Depwiseage Denial of Service

pyrage is a set of Python bindings for the rage file encryption library (age in Rust). `pyrage` uses the Rust `age` crate for its underlying operations, and `age` is vulnerable to GHSA-4fg7-vxc8-qx5w. All details of GHSA-4fg7-vxc8-qx5w are relevant to `pyrage` for the versions specified in this...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

18h ago

From cvefeed.io

CVE-2024-54150 - Cjwt Algorithm Confusion Vulnerability

cjwt is a C JSON Web Token (JWT) Implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between signing methods. If the system doesn't differentiate between an HMAC signed token and an...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

18h ago

From cvefeed.io

CVE-2024-11984 - Corporate Training Management System Unrestricted File Upload Remote Code Execution Vulnerability

An unrestricted upload of file with dangerous type vulnerability in the epaper draft function of Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload restrictions and execute arbitrary system commands with SYSTEM privilege via a crafted ZIP file.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

18h ago

From cvefeed.io

CVE-2024-51466 - IBM Cognos Analytics EL Injection

IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

22h ago

From cvefeed.io

CVE-2024-40695 - IBM Cognos Analytics File Upload Vulnerability (Remote Code Execution)

IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be …

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

22h ago

From cisa.gov

Vulnerability Summary for the Week of December 9, 2024 | CISA

High Vulnerabilities table (columns: Primary Vendor -- Product, Description, Published, CVSS Score, Source Info)

#cve #cwe #cisa #cvss #cveid #hssedi #vulnerability #vulnerabilitymanagement

on Tue, 2PM

From cisa.gov

Vulnerability Summary for the Week of August 26, 2024 | CISA

High Vulnerabilities table (columns: Primary Vendor -- Product, Description, Published, CVSS Score, Source & Patch Info)

#cve #cwe #cisa #cvss #cveid #hssedi #vulnerability #vulnerabilitymanagement

on Sep 5