A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other ...
October 30, 2024
lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API (/v1/users/send-verification) and Sign up API (/auth/signup). An unauthenticated attacker can inje ...
October 30, 2024
This update for go1.22-openssl fixes the following issues: This update ships go1.22-openssl 1.22.7.1 (jsc#SLE-18320) Update to version 1.22.7.1 cut from the go1.22-fips-release branch at the revis ...
October 30, 2024
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): tomcat: Denial of Service in Tomcat (CVE-2024-38286) For more details ...
October 30, 2024
TL;DR: CCTV is often overlooked; ‘shadow tech’ whose security isn’t as carefully reviewed as core IT assets. It is often a responsibility for facilities managers who may have little experience of ...
October 30, 2024
In June 2024, security researchers published their analysis of a novel implant dubbed "MuddyRot" (aka "BugSleep"). This remote access tool (RAT) gives operators reve ...
October 30, 2024
This is the last of the four blogs (Help, I can’t see! A Primer for Attack Surface Management Blog Series, The Main Components of an Attack Surface Management (ASM) Strategy, and Understanding your ...
October 30, 2024
Overview of the FortiManager API Vulnerability Recently, a critical API vulnerability in FortiManager (CVE-2024-47575) was disclosed. Certain threat actors exploited it in the wild to steal sensitive ...
October 30, 2024