Aggregator

CVE-2024-37161 | MeterSphere up to 1.10.0-lts Step Editor cross site scripting (GHSA-6h7v-q5rp-h6q9)

Vuldb Updates
3 months 4 weeks ago
A vulnerability was found in MeterSphere up to 1.10.0-lts and classified as problematic. This issue affects some unknown processing of the component Step Editor. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-37161. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

VDB-267981 | Amazon Q for Business Prompt injection

Vuldb Updates
3 months 4 weeks ago
A vulnerability was found in Amazon Q for Business. It has been classified as problematic. This affects an unknown part of the component Prompt Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. There is no exploit available. This product is a managed service. This means that users are not able to maintain vulnerability countermeasures themselves.
vuldb.com

CVE-2024-3559 | Custom Field Suite Plugin up to 2.6.7 on WordPress cfs[post_content] cross site scripting

Vuldb Updates
3 months 4 weeks ago
A vulnerability classified as problematic has been found in Custom Field Suite Plugin up to 2.6.7 on WordPress. Affected is an unknown function. The manipulation of the argument cfs[post_content] leads to cross site scripting. This vulnerability is traded as CVE-2024-3559. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com

CVE-2024-30072 | Microsoft Windows 11 22H2/11 23H2/Server 2022 23H2 Event Trace Log File Parser integer overflow

Vuldb Updates
3 months 4 weeks ago
A vulnerability was found in Microsoft Windows 11 22H2/11 23H2/Server 2022 23H2. It has been rated as critical. Affected by this issue is some unknown functionality of the component Event Trace Log File Parser. The manipulation leads to integer overflow. This vulnerability is handled as CVE-2024-30072. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2024-30074 | Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2 Link Layer Topology Discovery Protocol heap-based overflow

Vuldb Updates
3 months 4 weeks ago
A vulnerability classified as critical has been found in Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2. This affects an unknown part of the component Link Layer Topology Discovery Protocol. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-30074. The attack can only be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

Cloudflare Reveals AI Labyrinth to Counter Automated AI Attacks

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
3 months 4 weeks ago

Cloudflare has unveiled AI Labyrinth, an innovative platform designed to combat AI-powered bots that relentlessly crawl and scrape data from websites without permission. By employing AI-generated content, AI Labyrinth cleverly slows down and misdirects these bots, safeguarding legitimate websites while enhancing bot detection capabilities. What is AI Labyrinth? AI Labyrinth is a proactive defense mechanism that […]

The post Cloudflare Reveals AI Labyrinth to Counter Automated AI Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

FBI warns of malicious free online document converters spreading malware

Security Affairs
3 months 4 weeks ago
The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users’ sensitive information and infect their systems with malware. “The FBI Denver Field Office is warning that agents are increasingly seeing a scam […]
Pierluigi Paganini

Managed ad