#vulnerability

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk ThinManager Vulnerabilities: Missing Authentication For Critical Function, Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to send crafted messages to the device resulting in database manipulation or a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rockwell Automation FactoryTalk product versions are affected: ThinManager: Versions 11.2.0 to 11.2.9 ThinManager: Versions 12.0.0 to 12.0.7 ThinManager: Versions 12.1.0 to 12.1.8 ThinManager: Versions 13.0.0 to 13.0.5 ThinManager: Versions 13.1.0 to 13.1.3 ThinManager: Versions 13.2.0 to 13.2.2 ThinManager: Version 14.0.0 3.2 Vulnerability Overview 3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306 An authentication vulnerability exists in the affected product. The vulnerability could al...

About Remote Code Execution – XWiki Platform (CVE-2024-31982) vulnerability. XWiki is a free open-source wiki platform. Its main feature is simplified extensibility. XWiki is often used in corporate environments as a replacement for commercial Wiki solutions (such as Atlassian Confluence). A vulnerability with CVSS Base Score 10, published on April 10, allows attackers to execute […]

A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated threat actor to elevate their privileges and perform malicious actions. The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), has been addressed in version 6.5.2 of the plugin. "The plugin suffers from an unauthenticated privilege escalation vulnerability

Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the defaultLoaders function.

JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component `/onlDragDatasetHead/getTotalData`.

The company's data loss prevention platform helps customers identify and classify data across SaaS and GenAI applications, endpoints, and email.

A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS.

A vulnerability was identified in Consul and Consul Enterprise ("Consul") such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.

A vulnerability was identified in Consul and Consul Enterprise ("Consul") such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.

Vulcan collaborated with Red Hat to optimize Vulcan Cyber with Red Hat Insights and provide businesses with a holistic view of exposure risk across all attack surfaces and asset types.According to Vulcan, “By harnessing Red Hat Insights’ deep visibility into host vulnerabilities, paired with the Vulcan Cyber holistic view, intelligent risk scoring and automated workflows, your teams will be empowered to resolve issues faster, enhance collaboration between security and IT teams, and ultimately reduce the risk of security breaches.”Red Hat Insights can help you better understand your secur