application vulnerability

Google’s Project Naptime Aims for AI-Based Vulnerability Research
Security analysts at Google are developing a framework that they hope will enable large language models (LLMs) to eventually be able to run automated vulnerability research, particularly analyses of malware variants. The ...
Security Boulevard
CVE-2023-50164: A Critical Vulnerability in Apache Struts
Muly Levy | Apache Struts, application vulnerability, CVE, Imperva Threat Research, Path Traversal Attacks, Threat Research, vulnerability
On December 7, 2023, Apache released a security advisory regarding CVE-2023-50164, a critical vulnerability in Apache Struts with CVSS score 9.8. Versions from 2.5.0 to 2.5.32 and 6.0.0 to 6.3.0 were affected. ...

CVE-2023-22524: RCE Vulnerability in Atlassian Companion for macOS
Ron Masas | application vulnerability, atlassian, CVE, Imperva Threat Research, RCE vulnerability, Threat Research, vulnerability
TL;DR This blog unveils a remote code execution vulnerability, identified as CVE-2023-22524, in Atlassian Companion for macOS, which has recently been patched. This critical vulnerability stemmed from an ability to bypass both ...

Recent Vulnerabilities in Popular Applications Blocked by Imperva
Multiple vulnerabilities in popular and widespread applications have been disclosed recently, tracked as CVE-2023-36845, CVE-2023-40044, CVE-2023-42793, CVE-2023-29357, and CVE-2023-22515. These vulnerabilities, which affect several products and can be exploited to allow arbitrary ...

How Scanning Your Projects for Security Issues Can Lead to Remote Code Execution
Ron Masas | Application Security, application vulnerability, Digest, remote code execution vulnerability
The Imperva Red Team recently discovered and disclosed CVE-2022-40764, a command injection vulnerability affecting Snyk CLI. Snyk is a security company best known for its dependency vulnerability management software. The disclosed command ...

Security Industry Rallies Behind Twitter Whistleblower
It probably isn’t a surprise to any skeptics of the security practices of social media platforms—or who specifically remember Twitter’s previous security mishaps, including the hack of high-profile blue-check accounts—that Twitter’s cybersecurity ...
Security Boulevard

JFrog Discloses Config Vulnerability in Envoy Proxy Software
A security research team at JFrog, a provider of a continuous integration/continuous delivery (CI/CD) platform, has discovered a vulnerability in certain compression configurations of open source Envoy proxy software that can be ...
Security Boulevard

Why You Need Pentesting-as-a-Service (PtaaS)
Jay Paz | application vulnerability, intrusion detection, Intrusion Prevention, Penetration Testing, Penetration Testing as a Service, pentesting
Cyberattacks have been growing in frequency and severity over the past 10 years and have increased exponentially since the onset of widespread remote and digital work. The pressure is on for organizations ...
Security Boulevard

Attackers exploit CVE-2021-26084 for XMRig crypto mining on affected Confluence servers
Daniel Kerman | Application Security, application vulnerability, Digest, Imperva Research Labs, Research labs
Vulnerability Overview On August 25, 2021 a security advisory was released for a vulnerability identified in Confluence Server titled “CVE-2021-26084: Atlassian Confluence OGNL Injection”. The vulnerability allows an unauthenticated attacker to perform ...

Window of Exposure Wide Open for Utilities’ Apps
Teri Robinson | Application Security, application vulnerability, AppSec, WhiteHat Security, window of exposure
With all the talk about the ongoing menace of ransomware, it’s easy to overlook application-specific attacks. But new research from WhiteHat Security shows that there might just be a greater likelihood of ...
Security Boulevard