Posts tagged Vulnerability Disclosure

19 min Emergent Threat Response

CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)

Rapid7’s vulnerability research team identified two new vulnerabilities affecting JetBrains TeamCity CI/CD server: CVE-2024-27198 and CVE-2024-27199, both of which are authentication bypasses.

11 min Vulnerability Disclosure

CVE-2023-47218: QNAP QTS and QuTS Hero Unauthenticated Command Injection (FIXED)

Rapid7 has identified an unauthenticated command injection vulnerability in the QNAP operating system known as QTS, a core part of the firmware for numerous QNAP entry- and mid-level Network Attached Storage (NAS) devices.

1 min Velociraptor

CVE-2023-5950 Rapid7 Velociraptor Reflected XSS

This advisory covers a specific issue identified in Velociraptor and disclosed by a security code review. Velociraptor versions before 0.7.0-4 suffer from a reflected cross site scripting vulnerability.

8 min Vulnerability Disclosure

Multiple Vulnerabilities in South River Technologies Titan MFT and Titan SFTP [FIXED]

As part of our continuing research project into managed file transfer risk, including JSCAPE MFT and Fortra Globalscape EFT Server, Rapid7 discovered several vulnerabilities in South River Technologies’ Titan MFT and Titan SFTP servers.

4 min Vulnerability Disclosure

CVE-2023-4528: Java Deserialization Vulnerability in JSCAPE MFT (Fixed)

In August 2023, Rapid7 discovered CVE-2023-4528, a Java deserialization vulnerability in Redwood Software’s JSCAPE MFT secure managed file transfer product. Successful exploitation can run arbitrary Java code as the `root` user on Linux or the `SYSTEM` user on Windows.

6 min Vulnerability Disclosure

CVE-2023-35082 - MobileIron Core Unauthenticated API Access Vulnerability

Rapid7 discovered a new vulnerability that allows unauthenticated attackers to access the API in unsupported versions of MobileIron Core (11.2 and below).

5 min Vulnerability Disclosure

CVE-2023-38205: Adobe ColdFusion Access Control Bypass [FIXED]

Rapid7 discovered that the initial patch for CVE-2023-29298 (Adobe ColdFusion access control bypass vulnerability) did not successfully remediate the issue.

7 min Vulnerability Disclosure

CVE-2023-29298: Adobe ColdFusion Access Control Bypass

Rapid7 discovered an access control bypass vulnerability affecting Adobe ColdFusion that allows an attacker to access the administration endpoints.

22 min Vulnerability Disclosure

Multiple Vulnerabilities in Fortra Globalscape EFT Administration Server [FIXED]

Rapid7 has uncovered four issues in Fortra Globalscape EFT, the worst of which can lead to remote code execution.

4 min Vulnerability Disclosure

Raptor Technologies Volunteer Management Client-Side Security Controls (FIXED)

A vulnerability in Raptor Technology Volunteer Management for Schools is being disclosed in accordance with Rapid7’s vulnerability disclosure policy.

33 min Vulnerability Disclosure

Multiple Vulnerabilities in Rocket Software UniRPC server (Fixed)

In early 2023, Rapid7 discovered several vulnerabilities in Rocket Software UniData UniRPC. We worked with the company to fix issues and coordinate this disclosure.

7 min Vulnerability Disclosure

CVE-2023-0391: MGT-COMMERCE CloudPanel Shared Certificate Vulnerability and Weak Installation Procedures

Rapid7 discovered three security concerns in CloudPanel from MGT-COMMERCE, a self-hosted web administration solution.

4 min Vulnerability Disclosure

Microsoft Defender for Cloud Management Port Exposure Confusion

Microsoft Defender for Cloud, until recently, didn't distinguish "0.0.0.0/0" as a synonym for "any" when checking for management port exposures for Azure instances.

13 min Vulnerability Disclosure

Multiple DMS XSS (CVE-2022-47412 through CVE-2022-47419)

Rapid7 discovered, and is now disclosing, eight XSS issues affecting four on-premises document management systems. As of this disclosure, none have patches available.

5 min Vulnerability Disclosure

CVE-2023-22374: F5 BIG-IP Format String Vulnerability

Rapid7 found an additional vulnerability in the appliance-mode REST interface. We reported it to F5 and are now disclosing it in accordance with our vulnerability disclosure policy.