NEWS & EVENTS

SERVICES

The service detects malicious signatures in analysed files, by scanning it with 57 different commercial anti-malware....

This service collects data related to public available exploits. The database is updated daily through the official...

The service aims at offering a representation of the  Cybersecurity domain through the creation of a controlled...

The service offers a platform that allows Registrars to check for any performance and security problems present on...

LATEST CVE

Published Description
CVE-2020-13259
16-09-2020 19:15:00
A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. This could be exploited in conjunction with CVE-2020-13260.
CVE-2020-1694
16-09-2020 19:15:00
A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions.
CVE-2020-25040
16-09-2020 18:15:00
Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039.
CVE-2020-10748
16-09-2020 18:15:00
A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks.
CVE-2020-14348
16-09-2020 18:15:00
It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers.

Pages

LATEST EXPLOIT

Pages