RESOURCE CENTER

Trusted by leading carriers and brokers

Johnson Kendall Johnson
Crum & Forster
Allied World
Trium Property
Sullivan Group
Profinity
Intact Insurance
Munich Re
Old Republic Cyber

Security Bulletin

There are no posts on the list.

Press Releases

There are no posts on the list.

Education

Blog Posts.
There are no posts on the list.

Mitigation

Trending.
Tech Stack Date(s) Issued Criticality Overview CVE-2016-4437 is a critical vulnerability in Apache Shiro prior to version 1.2.5. If the cipher key for the “remember me” […]
Tech Stack Date(s) Issued Criticality Overview CVE-2016-8735 is a vulnerability in Apache Traffic Server that can be exploited to cause a Denial of Service (DoS) condition. […]
Tech Stack Date(s) Issued Criticality Overview CVE-2024-23897 is a critical vulnerability in Jenkins that stems from the misuse of the args4j library in its Command Line […]
Tech Stack Date(s) Issued Criticality Overview This vulnerability stems from insufficient validation or controls over file upload and download mechanisms in affected Cleo products. By exploiting […]
Tech Stack Date(s) Issued Criticality Overview This vulnerability is caused by insecure default settings in the Autorun Directory of Cleo Harmony, VLTrader, and LexiCom. An unauthenticated […]
Tech Stack: PrimeTek PrimeFaces (JavaServer Faces) Date(s) Issued: Published: 01/03/2018; Last Modified: 11/20/2024 Criticality: CVSS v3 Score: 9.8 – CRITICAL Overview: CVE-2017-1000486 is a critical remote […]
Tech Stack: Atlassian Confluence Data Center and Server Date(s) Issued: Published: 10/31/2023; Last Modified: 11/20/2024 Criticality: CVSS v3 Score: 10.0 – CRITICAL Overview: CVE-2023-22518 is a […]
Tech Stack: Progress Telerik Report Server on IIS Date(s) Issued: Published: 05/29/2024; Last Modified: 11/21/2024 Criticality: CVSS v3 Score: 9.8 – CRITICAL Overview: CVE-2024-4358 is a […]
Tech Stack: libzip and PHP’s ZIP Extension Date(s) Issued: Published: 03/30/2015; Last Modified: 04/15/2015 Criticality: CVSS v2 Score: 7.5 – HIGH Overview: CVE-2015-2331 is an integer […]
Tech Stack: Apache HTTP Server (httpd) Date(s) Issued: Published: 03/24/2018; Last Modified: 12/09/2024 Criticality: CVSS v3 Score: 8.1 – HIGH Overview: CVE-2017-15715 is a vulnerability in […]
Tech Stack: Apache HTTP Server (httpd) Date(s) Issued: Published: 03/26/2018; Last Modified: 12/03/2024 Criticality: CVSS v2 Score: 5.0 – MEDIUM Overview: CVE-2018-1303 is an out-of-bounds read […]
Tech Stack: SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP Date(s) Issued: Published: 07/09/2021; Last Modified: 11/21/2024 Criticality: CVSS v3 Score: 8.8 – HIGH Overview: […]
Tech Stack: Date(s) Issued: Criticality: Overview: CVE-2024-4358 is an authentication bypass vulnerability in Progress Telerik Report Server versions 2024 Q1 (10.0.24.305) and earlier. An unauthenticated attacker […]
Tech Stack: JetBrains TeamCity Date(s) Issued: Published: September 6, 2023; Last Updated: October 18, 2023 Criticality: CVSS Score: 9.8 (Critical) Overview: CVE-2023-42793 is a critical authentication […]
Tech Stack: JetBrains TeamCity Date(s) Issued: Published: March 4, 2024; Last Updated: November 29, 2024 Criticality: CVSS Score: 9.8 (Critical) Overview: CVE-2024-27198 is a critical authentication […]
Path Traversal Vulnerability in NAKIVO Backup Software Exposes Sensitive Credentials (CVE-2024-48248) The hum of routine backup operations offers comfort to IT administrators. But behind this quiet […]
Comprehensive Analysis of Fortinet Authentication Bypass Vulnerability (CVE-2025-24472) This report provides an in-depth examination of CVE-2025-24472, a critical authentication bypass vulnerability in Fortinet’s FortiOS and FortiProxy […]
Comprehensive Analysis of Apache Tomcat Vulnerability CVE-2025-24813 CVE-2025-24813 represents a critical path equivalence vulnerability in Apache Tomcat, allowing unauthenticated attackers to achieve remote code execution (RCE), […]
Comprehensive Analysis of CVE-2025-1861: PHP HTTP Redirect Location Buffer Truncation Vulnerability Executive Summary CVE-2025-1861 represents a critical vulnerability (CVSS 9.8) affecting multiple PHP versions that allows […]
Comprehensive Analysis of PHP Header Parsing Vulnerability CVE-2025-1736 Executive Summary CVE-2025-1736 represents a moderate-severity input validation vulnerability in PHP’s HTTP stream wrapper implementation, scoring 7.3 CVSS […]
Comprehensive Analysis of CVE-2025-1734: PHP Streams HTTP Wrapper Header Validation Vulnerability Executive Summary CVE-2025-1734 is an improper input validation vulnerability in PHP’s Streams HTTP wrapper affecting […]
Comprehensive Analysis of CVE-2025-1219: PHP libxml Streams Content-Type Handling Vulnerability CVE-2025-1219 represents a significant vulnerability in PHP’s handling of HTTP resources through the DOM and SimpleXML […]
Comprehensive Research Report: CVE-2025-1217 – PHP HTTP Header Parsing Vulnerability Overview CVE-2025-1217 is a medium-severity input validation vulnerability (CWE-20) in PHP’s HTTP stream wrapper. Affecting PHP […]
Comprehensive Analysis of CVE-2024-9026: PHP-FPM Log Manipulation Vulnerability Executive Summary CVE-2024-9026 represents a low-severity log manipulation vulnerability within PHP-FPM (FastCGI Process Manager) affecting PHP versions 8.1 […]
Comprehensive Threat Intelligence Analysis of CVE-2024-8932: Critical Integer Overflow Vulnerability in PHP LDAP Components CVE-2024-8932 represents a critical memory corruption vulnerability in PHP’s LDAP handling, enabling […]
Comprehensive Analysis of CVE-2024-8929: Heap Buffer Over-Read in PHP MySQL Client CVE-2024-8929 is a medium-severity vulnerability (CVSS 5.8/10) in PHP’s MySQL client library that enables hostile […]
Comprehensive Analysis of CVE-2024-8927: PHP HTTP_REDIRECT_STATUS Vulnerability Leading to Arbitrary File Inclusion CVE-2024-8927 is a high-severity vulnerability in PHP’s CGI implementation that enables attackers to bypass […]
Comprehensive Research Report: CVE-2024-8926 Critical PHP CGI Parameter Injection Vulnerability Executive Summary CVE-2024-8926 is a high-severity command injection vulnerability in PHP that bypasses a previous fix […]
Technical Analysis of CVE-2024-8925: PHP Multipart Form Data Parsing Vulnerability CVE-2024-8925 is a medium-severity vulnerability in PHP affecting versions 8.1.x < 8.1.30, 8.2.x < 8.2.24, and […]
CVE-2024-6387: Comprehensive Research and Technical Analysis Vulnerability Overview CVE-2024-6387, codenamed regreSSHion, is a high-severity remote code execution (RCE) vulnerability in the OpenSSH server (sshd) due to […]
Comprehensive Analysis of CVE-2024-56356: JetBrains TeamCity XML External Entity (XXE) Vulnerability Executive Summary CVE-2024-56356 is a High Severity vulnerability in JetBrains TeamCity CI/CD platforms affecting versions […]
Comprehensive Analysis of CVE-2024-56355: JetBrains TeamCity XSS Vulnerability CVE ID: CVE-2024-56355 CVSS Score: 5.4 (MEDIUM) Publicly Disclosed: 2024-12-20 Last Updated: 2025-01-02 1. Vulnerability Overview CVE-2024-56355 is […]
Comprehensive Analysis of CVE-2024-56354: JetBrains TeamCity Password Exposure Vulnerability Summary CVE-2024-56354 is a medium-severity vulnerability in JetBrains TeamCity versions prior to 2024.12, allowing users with view […]
Comprehensive Analysis of CVE-2024-56353: JetBrains TeamCity Credential Exposure Vulnerability Executive Summary CVE-2024-56353 is a Medium-severity vulnerability in JetBrains TeamCity CI/CD servers (versions prior to 2024.12) that […]
CVE-2024-56352: Comprehensive Analysis of JetBrains TeamCity Stored XSS Vulnerability CVE ID: CVE-2024-56352 CVSS Score: 5.4/10 (MEDIUM) CWE: CWE-79 (Improper Input Neutralization) 1. Threat Intelligence & Active […]
CVE-2024-56351: Access Token Management Flaw in JetBrains TeamCity Introduction CVE-2024-56351 is a critical vulnerability found in JetBrains TeamCity versions prior to 2024.12. This vulnerability allows access […]
Comprehensive Analysis of CVE-2024-56350: Unauthenticated Project Information Disclosure in JetBrains TeamCity CVE-2024-56350 is a medium-severity vulnerability in JetBrains TeamCity versions prior to 2024.12, allowing unauthorized viewing […]
CVE-2024-56349: Comprehensive Analysis of JetBrains TeamCity Build Log Tampering Vulnerability CVE-2024-56349 represents a medium-severity improper access control vulnerability in JetBrains TeamCity versions prior to 2024.12, enabling […]
Okay, I need to research CVE-2024-56348 thoroughly. Let me start by going through the provided search results to gather information. First, from the NIST details, I […]
CVE-2024-56337: Critical Apache Tomcat Remote Code Execution Vulnerability CVE ID: CVE-2024-56337 CVSS Score: 9.8 (Critical) Published: December 20, 2024 Summary of Key Findings CVE-2024-56337 is a […]
Comprehensive Research on CVE-2024-5585: PHP Command Injection Vulnerability CVE-2024-5585 represents a critical bypass of a previous PHP vulnerability fix (CVE-2024-1874), enabling arbitrary command execution on Windows […]
Comprehensive Analysis of CVE-2024-5535: OpenSSL SSL_select_next_proto Buffer Overread Vulnerability CVE-2024-5535 represents a high-severity buffer overread vulnerability in OpenSSL’s SSL_select_next_proto function, capable of exposing up to 255 […]
Comprehensive Analysis of CVE-2024-54677: Uncontrolled Resource Consumption in Apache Tomcat 1. Vulnerability Overview CVE-2024-54677 is a Medium Severity (CVSS: 5.3) Uncontrolled Resource Consumption (CWE-400) vulnerability discovered […]
Comprehensive Analysis of CVE-2024-5458: PHP URL Filter Bypass Vulnerability CVE-2024-5458 is a medium-severity vulnerability in PHP’s URL validation functionality, enabling attackers to bypass security checks by […]
Comprehensive Research Report: CVE-2024-50379 (Apache Tomcat TOCTOU RCE) CVE-2024-50379 is a critical remote code execution (RCE) vulnerability caused by a Time-of-check Time-of-use (TOCTOU) race condition in […]
Comprehensive Analysis of CVE-2024-47951: JetBrains TeamCity Stored XSS Vulnerability 1. Vulnerability Overview CVE-2024-47951 is a stored Cross-Site Scripting (XSS) vulnerability in JetBrains TeamCity CI/CD platform, affecting […]
Comprehensive Analysis of CVE-2024-47950: JetBrains TeamCity Stored XSS Vulnerability 1. Threat Intelligence CVE-2024-47950, a stored Cross-Site Scripting (XSS) vulnerability in JetBrains TeamCity’s Backup configuration settings, was […]
Comprehensive Research Report: CVE-2024-47949 Executive Summary CVE-2024-47949 is a high-severity path traversal vulnerability in JetBrains TeamCity affecting versions prior to 2024.07.3. The flaw enables attackers to […]
Comprehensive Analysis of CVE-2024-47948: JetBrains TeamCity Path Traversal Vulnerability CVE ID: CVE-2024-47948 CVSS Score: 7.5/10 (High) CWE Classification: CWE-22 (Improper Limitation of a Pathname to a […]
CVE-2019-7481: SonicWall SMA100 SQL Injection and Its Role in Ransomware Summary: CVE-2019-7481 is a critical SQL injection in SonicWall SMA100 devices. Despite a 2019 disclosure, it […]
Executive summary CVE-2025-55182 (“React2Shell”) is a CVSS 10.0 unauthenticated remote code execution vulnerability in React Server Components (RSC) that enables arbitrary code execution on affected servers […]

Stay in the know

Subscribe to receive updates as they become available.

    [acceptance* optin] I agree to receive the download and occasional updates from CyRisk. I can unsubscribe anytime. [/acceptance*]