Security

This article is an in-depth look at the most common GraphQL vulnerabilities, why they occur, and how they can be mitigated.

Security

This article assesses the large-scale exposure of systems to multiple CVEs affecting the CUPS printing service, which can be chained together to achieve unauthenticated remote code execution (RCE). We provide an overview of how these vulnerabilities, including CVE-2024-47176, work in tandem, walking through the exploit flow. Additionally, we analyze how many systems are potentially vulnerable and highlight a unique behavior observed during testing.

Engineering

The Threat Center provides essential updates for organizations to stay informed about security threats, offering actionable intelligence and detailed asset information to help users proactively protect their systems.

Security

An in-depth look at the CVE-2024-47374 vulnerability affecting LiteSpeed Cache plugin for WordPress, its impact, and a technical breakdown of our detection method.

Product

The latest releases introduce HTTP/2 support, improve UI and detection, enhance privacy and security measures, and update custom checks and analysis environments for better performance.

Security

The article delves into the technical details of this CVE, its potential impact, and the methods used to detect and exploit it.

Security

The article uncovers an Arbitrary File Read vulnerability in VigorConnect that lets attackers access sensitive files. The issue originates from improper input validation in file handling methods.

Product

This update introduces enhanced vulnerability detection with AI improvements, new UI features, expanded support for asset types, upgraded network interception, and broader CVE coverage, alongside several bug fixes and optimizations across scanning, fingerprinting, and GitHub Actions.