Latest Cyber News

Hackers Turned Visual Studio Code As A Remote Access Tool - After successfully intercepting the exfiltrated data the threat actors exploit unauthorized access through GitHub’s authentication system by navigating to “hxxps://github[.]com/login/device” and utilizing stolen alphanumeric ...
1 month ago Cybersecuritynews.com
Iranian APT Facilitating Remote Access To Target Networks  - Security Boulevard - *** This is a Security Bloggers Network syndicated blog from TuxCare authored by Wajahat Raja. Copyright © 2024 Techstrong Group Inc. ...
1 month ago Securityboulevard.com
CentOS vs Ubuntu: Enterprise Linux Comparison - Security Boulevard - *** This is a Security Bloggers Network syndicated blog from TuxCare authored by Rohan Timalsina. Copyright © 2024 Techstrong Group Inc. ...
1 month ago Securityboulevard.com
Prince Ransomware Hits UK and US via Royal Mail Phishing Scam - The ransomware encrypts files on the victim’s computer, adding the “.womp” extension, and displays a ransom note demanding payment in Bitcoin for decryption. The attack, known as the “Prince Ransomware,” utilizes a ...
1 month ago Gbhackers.com
SIEM agent being used in SilentCryptoMiner attacks | Securelist - The most interesting action in this attack was the implementation of unusual techniques like using an SIEM agent as backdoor, adding the malicious payload to a legitimate digital signature, and hiding directories containing malicious files. The ...
1 month ago Securelist.com
Microsoft and DOJ seized the attack infrastructure used by Russia-linked Callisto Group - Today, the United States District Court for the District of Columbia unsealed a civil action brought by Microsoft’s DCU, including its order authorizing Microsoft to seize 66 unique domains used by Star Blizzard in cyberattacks targeting Microsoft ...
1 month ago Securityaffairs.com
Cloud Penetration Testing Checklist - 2023 - Check the Service Level Agreement and make sure that proper policy has been covered between the Cloud service provider (CSP) and Client. Cloud penetration testing focuses on identifying and exploiting vulnerabilities in cloud environments, ensuring ...
1 month ago Gbhackers.com
Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group - By taking decisive action against Star Blizzard, Microsoft and its partners reinforce international norms and demonstrate a commitment to protecting civil society and upholding the rule of law in cyberspace. Between January 2023 and August 2024, Star ...
1 month ago Gbhackers.com
Microsoft Takes Unprecedented Action Against Cyber Threat Actor Star Blizzard - Cybersecurity Insiders - In a historic move that underscores the escalating battle against cybercrime, Microsoft has publicly acknowledged its role in launching a cyber offensive against a Russian-funded threat actor known as Star Blizzard. According to Microsoft’s ...
1 month ago Cybersecurity-insiders.com
Linux Malware perfctl Attacking Millions of Linux Servers - By combining elements from standard Linux tools like “perf” (a performance monitoring tool) and “ctl” (indicating control), the malware authors have crafted a seemingly innocuous name that masks its malicious intent. ...
1 month ago Gbhackers.com
Cybersecurity Today: National Vulnerability Database backlog, update on CIRA study: Cyber Security Today for Friday, October 4, 2024 - Updates on the latest cyber security threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time. Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can ...
1 month ago Cybersecuritytoday.libsyn.com
Black Kite Research Reveals 80% Of Manufacturing Companies Face Critical Cyber Vulnerabilities - Due to its critical nature, the manufacturing industry is a prime target for bad actors to exploit, said Ferhat Dikbiyik, Black Kite’s chief research and intelligence officer. Black Kite’s data reveals that manufacturing was the top industry ...
1 month ago Informationsecuritybuzz.com
Strengthening Security Posture Through People-First Engagement - Regular, small doses of security education help combat the “forgetting curve,” a theory developed by Hermann Ebbinghaus that suggests people forget 75% of newly learned information within a couple of days. These statistics underscore a critical ...
1 month ago Informationsecuritybuzz.com
October 2024 Patch Tuesday forecast: Recall can be recalled - Help Net Security - The monthly cumulative updates, or ‘differentials’ from the checkpoint update, as Microsoft calls them, will begin anew in the form of much smaller files. Now available for systems that meet the hardware requirements, it includes many new ...
1 month ago Helpnetsecurity.com
E-Commerce Protection Lags Behind: Insights from the 2024 Global Bot Security Report - Security Boulevard - *** This is a Security Bloggers Network syndicated blog from DataDome authored by Kira Lempereur. Copyright © 2024 Techstrong Group Inc. ...
1 month ago Securityboulevard.com
California's Deepfake Regulation: Navigating the Minefield of AI, Free Speech, and Election Integrity - Security Boulevard - *** This is a Security Bloggers Network syndicated blog from Meet the Tech Entrepreneur, Cybersecurity Author, and Researcher authored by Deepak Gupta - Tech Entrepreneur, Cybersecurity Author. ...
1 month ago Securityboulevard.com
Best practices for implementing threat exposure management, reducing cyber risk exposure - Help Net Security - By identifying misconfigurations in technical security controls and correlating them with asset, vulnerability, and exposure data from integrated assessment sources, organizations gain an understanding of their security landscape. By systematically ...
1 month ago Helpnetsecurity.com
MaLDAPtive: Open-source framework for LDAP SearchFilter parsing, obfuscation, and more! - Help Net Security - MaLDAPtive is an open-source framework for LDAP SearchFilter parsing, obfuscation, deobfuscation, and detection. Complementing this is a PowerShell wrapper, crafted for flexibility and randomization, with pipeline capabilities that allow seamless ...
1 month ago Helpnetsecurity.com
Cybercriminals capitalize on poorly configured cloud environments - Help Net Security - However, mature threat actors are learning how to overcome obstacles — like leveraging inherent vulnerabilities in privileged device drivers for Windows to disable EDR sensors, injecting into privileged processes to delete critical security logs, ...
1 month ago Helpnetsecurity.com
New infosec products of the week: October 4, 2024 - Help Net Security - It also makes it possible to create effective security controls that keep a business’ most sensitive data safe from becoming a data security risk (e.g. revoking public access to files marked ‘confidential’). The Legit Posture Score sets a new, ...
1 month ago Helpnetsecurity.com
New Perfctl Malware Attacking Millions of Linux Servers - The Perfctl malware represents a significant threat to Linux servers worldwide, emphasizing the need for robust security measures and vigilant monitoring. Mitigation strategies include patching vulnerabilities, restricting file execution in writable ...
1 month ago Cybersecuritynews.com
DPRK's APT37 Targets Cambodia in Khmer - The North Korean state-sponsored threat actor known as APT37 has been carefully spreading a novel backdoor, dubbed "VeilShell." Of note is its target: Most North Korean advanced persistent threats (APTs) have a history of targeting ...
1 month ago Darkreading.com
Exposing the Credential Stuffing Ecosystem - Security Boulevard - *** This is a Security Bloggers Network syndicated blog from Kasada authored by Nick Rieniets. Copyright © 2024 Techstrong Group Inc. ...
1 month ago Securityboulevard.com
Dutch police breached by a state actor - “The police have been informed by the intelligence services that it is very likely a ‘state actor’, in other words: another country or perpetrators on behalf of another country.” reads the update on the data breach published ...
1 month ago Securityaffairs.com
USENIX NSDI '24 -LiFteR: Unleash Learned Codecs in Video Streaming with Loose Frame Referencing - Security Boulevard - *** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Copyright © 2024 Techstrong Group Inc. ...
1 month ago Securityboulevard.com
Recently patched CUPS flaw can be used to amplify DDoS attacks - As Akamai security researchers found, a CVE-2024-47176 security flaw in the cups-browsed daemon that can be chained with three other bugs to gain remote code execution on Unix-like systems via a single UDP packet can also be leveraged to ...
1 month ago Bleepingcomputer.com
DrayTek Routers at Risk From 14 New Vulnerabilities - The advice comes amid signs of growing threat actor activity — including by nation-state actors — targeting vulnerabilities in routers and other network devices from DrayTek and a variety of other vendors, including Fortinet, F5, QNAP, Ivanti, ...
1 month ago Darkreading.com
Understanding the Dependency Injection Lifecycle - DZone - public class ClassD { // other implementation // Below code will update the value of callMeScoped to "I am from ClassA" for the instance of ClassA // But as it is Scoped life cycle so it is holding single instance ScopedImplementation of // Then it ...
1 month ago Feeds.dzone.com
3thix partners with Avalanche on web3 gaming ad data | VentureBeat - Coming up October 28th and 29th, join fellow leaders and amazing speakers like Matthew Bromberg (CEO Unity), Amy Hennig (Co-President of New Media Skydance Games), Laura Naviaux Sturr (GM Operations Amazon Games), Amir Satvat (Business Development ...
1 month ago Venturebeat.com
Make Cybersecurity Awareness Month a Game-Changer for You and Your Career - Cisco Blogs - Whether you’re a seasoned network engineer or just starting out, let Cisco Learning & Certifications help you to become your organization’s cybersecurity superstar starting with our Cisco Cybersecurity Training and Certification Giveaway. ...
1 month ago Feedpress.me
CISA Adds High-Severity Ivanti Vuln to KEV Catalog - "Exploiting this flaw could have serious consequences, such as data breaches, disruption of business operations, and further compromise of internal systems," Eric Schwake, director of cybersecurity strategy at Salt Security, wrote in an ...
1 month ago Darkreading.com
Ukraine-Russia Cyber Battles Have Real-World Impact - "The evolution of cyberattacks and malware, particularly those that have an intersection with the use of generative AI, have lowered the barrier for entry for threat actors, leading to more threats and a greater volume of attacks," he says. ...
1 month ago Darkreading.com
A Leader in 2024 Forrester Enterprise Firewall Solutions Wave - Palo Alto Networks has long recognized these challenges, which is why we’ve built a network security platform that not only protects but also fosters business growth and innovation in today’s complex environment. We believe the recognition of ...
1 month ago Paloaltonetworks.com
‘Pig butchering’ trading apps found on Google Play, App Store - Group-IB also warns that the UniShadow Trade apps can mimick a variety of legitimate cryptocurrency and trading platforms, providing the following extensive list with potential names that could be used in impersonation attempts. Fake trading ...
1 month ago Bleepingcomputer.com
Microsoft SFI progress report elicits cautious optimism | TechTarget - "After a year, it looks like Microsoft has made some smart and substantive initial progress in elevating security across the whole organization: investment in security-focused head count, inclusion of security into performance reports across the ...
1 month ago Techtarget.com
News alert: SquareX shows how Google’s MV3 standard falls short, putting millions at risk - Security Boulevard - *** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by cybernewswire. Copyright © 2024 Techstrong Group Inc. ...
1 month ago Securityboulevard.com
News alert: Doppler fortifies ‘secrets management’ with Change Requests auditable approval feature - Security Boulevard - *** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by cybernewswire. Copyright © 2024 Techstrong Group Inc. ...
1 month ago Securityboulevard.com
Detroit-area government services impacted by cyberattack - Corrections officers within the Wayne County Sheriff’s Office have struggled to process inmates, the Wayne County Treasurer’s Office has had issues collecting taxes online and the Wayne County Register of Deeds Office closed early on Wednesday, ...
1 month ago Therecord.media
Microsoft security overhaul offers blueprint for SecOps | TechTarget - 23, nearly a year after Microsoft kicked off the initiative in response to a scathing report from the U.S. Department of Homeland Security's Cyber Safety Review Board about a "cascade of security failures" that led to a breach of email systems ...
1 month ago Techtarget.com
Dutch Police: ‘State actor’ likely behind recent data breach - Based on the intelligence services' information, the police immediately implemented strong security measures to counter this attack. The national Dutch police (Politie) says that a state actor was likely behind the data breach it detected last week. ...
1 month ago Bleepingcomputer.com
Tesla Recalls 27,00 Cybertrucks Over Rear Camera | Silicon UK - CNBC reported that Tesla said on Thursday it would recall more than 27,000 Cybertrucks due to delayed rear-view camera images that could impair driver visibility and increase crash risks. CNBC reported that Tesla said on Thursday that the ...
1 month ago Silicon.co.uk
Voting for the first time—4 cybersecurity tips for new voters - Here’s a quick checklist for first-time voters and tips to help them keep their personal information safe this election cycle. Whether you're excited or just trying to get through it, there are a few things you’ll want to know—not just about ...
1 month ago Blog.avast.com
You don't need to pay for antivirus software - here's why | ZDNET - As for Windows? Well, Microsoft Defender Antivirus, which is included with every Windows PC, routinely aced the tests from third-party labs that measure the effectiveness of security software. Older Americans are significantly more likely to use ...
1 month ago Zdnet.com
The Future of AI Safety: What California's Vetoed Bill Means - Although the veto was a setback for the bill, it highlights key debates in the emerging field of AI governance and the potential for California to shape the future of AI regulation. With the rapid advancement of AI technology, California's ...
1 month ago Darkreading.com
Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure - Microsoft and the Justice Department have seized over 100 domains used by the Russian ColdRiver hacking group to target United States government employees and nonprofit organizations from Russia and worldwide in spear-phishing attacks. "Between ...
2 months ago Bleepingcomputer.com
Browser Firms Press EU To Reconsider Microsoft Edge | Silicon UK - Reuters reported that the letter to the European Commission was from Vivaldi, Waterfox, Wavebox and the Open Web Advocacy, and it alleges that Microsoft gives its Edge browser an unfair advantage. Reuters noted that the letter could bolster Norwegian ...
2 months ago Silicon.co.uk
New Linux Malware 'Perfctl' Targets Millions by Mimicking System Files - To protect your Linux systems from Perfctl, regularly update your operating system and software with the latest security patches, conduct vulnerability assessments, implement robust network security measures like firewalls and intrusion detection ...
2 months ago Hackread.com
Over 4,000 Adobe Commerce, Magento shops hacked in CosmicSting attacks - Website security company Sansec has been tracking the attacks since June 2024 and observed 4,275 stores breached in CosmicSting attacks, high-profile victims including Whirlpool, Ray-Ban, National Geographic,  Segway, and Cisco, which ...
2 months ago Bleepingcomputer.com
The 6 Best Email Security Software & Tools of 2024 - To guarantee full protection against email threats, important features to consider when picking an email security solution include email filtering and spam detection, sandboxing, mobile support, advanced machine learning, and data loss prevention. ...
2 months ago Esecurityplanet.com
How To Collect Malware Indicators Of Compromise In The ANY.RUN Sandbox - The sandbox captures various types of IOCs like “network communications,” “file system changes,” “registry modifications,” and “process behaviors,” enabling thorough threat assessment. The ANY.RUN ...
2 months ago Cybersecuritynews.com
Microsoft Invests €4.3 Billion In Italy For AI, Cloud | Silicon UK - Microsoft said that it’s data centre expansion in Northern Italy coupled with its commitment to provide extensive AI skills training, supports the rising demand for AI compute and cloud services across Italy as organisations look to boost ...
2 months ago Silicon.co.uk
'Defunct' DOJ ransomware task force raises questions, concerns | TechTarget - "The Office of the Deputy Attorney General (ODAG) memorandum that established the Ransomware Task Force also contained several strategic areas, including directing the Ransomware Task Force to design and implement a strategy to disrupt and dismantle ...
2 months ago Techtarget.com
Celebrating Latin and Hispanic Heritage Month - Cisco Blogs - While LHHM gives us a special opportunity to celebrate our culture, WE should continually uplift our community, honor our traditions, and show respect for other cultures, ensuring that the values of unity and diversity remain at the forefront of our ...
2 months ago Feedpress.me
Customer compliance and security during the post-quantum cryptographic migration | AWS Security Blog - For example, using the s2n-tls client built with AWS-LC (which supports the quantum-resistant KEMs), you could try connecting to a Secrets Manager endpoint by using a post-quantum TLS policy (for example, PQ-TLS-1-2-2023-12-15) and observe the PQ ...
2 months ago Aws.amazon.com
How Analysts Use Telegram API to Intercept Data Exfiltrated by Malware - To start the process of collecting threat actor’s Chat ID and bot token, the analysts found a relevant malware sample related to the domain “api.telegram.org” using ANY.RUN’s Threat Intelligence Lookup. The sandbox also allowed researchers to ...
2 months ago Cybersecuritynews.com
Cloudflare blocks largest recorded DDoS attack peaking at 3.8Tbps - Typically, threat actors launching DDoS attacks rely on large networks of infected devices (botnets) or look for ways to amplify the delivered data at the target, which requires a smaller number of systems. After scanning the public internet for ...
2 months ago Bleepingcomputer.com
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 23, 2024 to September 29, 2024) - Software Name Software Slug 012 Ps Multi Languages 012-ps-multi-languages ABC APP CREATOR abcapp-creator Absolute Reviews absolute-reviews Accordion accordions Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads quick-adsense-reloaded Advanced File ...
2 months ago Wordfence.com
The Secret Weakness Execs Are Overlooking: Non-Human Identities - By shifting our focus to secrets security and adopting a comprehensive approach that includes robust detection, automated remediation, and integration with identity systems, organizations can significantly reduce their attack surface and bolster ...
2 months ago Thehackernews.com
Operation Cronos extension on LockBit Ransomware and FIN7 Deepfake Malware - Cybersecurity Insiders - The European Union Agency for Law Enforcement Cooperation announced that additional arrests are anticipated in the coming weeks, as they have already compiled a list of individuals connected to the group, aiming to disrupt their operations and IT ...
2 months ago Cybersecurity-insiders.com
Celebrating Cisco’s Solutions Engineers in Honor of National Techies Day - Cisco Blogs - The solutions we create at Cisco deliver desired outcomes for partners and customers by providing the most comprehensive suite of products and services that support secure and flexible access to data and applications, optimize performance, and enable ...
2 months ago Feedpress.me
Thousands of Adobe Commerce e-stores hacked by exploiting CosmicSting bug - Sansec researchers reported that multiple threat actors have exploited a critical Adobe Commerce vulnerability, tracked as CVE-2024-34102 (aka CosmicSting, CVSS score of 9.8), to compromise more than 4,000 e-stores over the past three months. Over ...
2 months ago Securityaffairs.com
The Complete Guide to PAM Tools, Features, And Techniques - Before we can dig into specific PAM tools and techniques – it’s first helpful to discuss what effective privileged access management looks like. Privileged access management can’t exist in a silo, because hackers often rely on network/software ...
2 months ago Heimdalsecurity.com
Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824) - Help Net Security - CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the bug to its Known Exploited ...
2 months ago Helpnetsecurity.com
Doppler Launches 'Change Requests' to Strengthen Secrets Management Security with Audited Approvals - Doppler, the leading platform in secrets management, today announces the launch of Change Requests, a new feature providing engineering teams with a secure, auditable approval process for managing and controlling secret changes across environments. ...
2 months ago Cybersecuritynews.com
UWA Innovates: Network Upgrade Transforms Student Experience, Boosts Security, and Drives Sustainability - Cisco Blogs - University of Western Australia (UWA) recognized that investment in its underlying network was a major lever to improve the student experience, automate the management of core functions and ensure university data was protected. Ensuring cybersecurity ...
2 months ago Feedpress.me
Doppler Launches 'Change Requests' to Strengthen Secrets Management Security with Audited Approvals - Cybersecurity Insiders - Doppler, the leading platform in secrets management, today announces the launch of Change Requests, a new feature providing engineering teams with a secure, auditable approval process for managing and controlling secret changes across environments. ...
2 months ago Cybersecurity-insiders.com
Doppler Launches 'Change Requests' to Strengthen Secrets Management Security with Audited Approvals - Cybersecurity Insiders - Doppler, the leading platform in secrets management, today announces the launch of Change Requests, a new feature providing engineering teams with a secure, auditable approval process for managing and controlling secret changes across environments. ...
2 months ago Cybersecurity-insiders.com
New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking - To mitigate the risk posed by perfctl, it's recommended to keep systems and all software up-to-date, restrict file execution, disable unused services, enforce network segmentation, and implement Role-Based Access Control (RBAC) to limit access to ...
2 months ago Thehackernews.com
Millions of Enterprises at Risk: SquareX Shows How Malicious Extensions Bypass Google’s MV3 Restrictions - Cybersecurity Insiders - This has made browser extensions a very effective and potent technique to silently be installed and monitor enterprise users, and attackers are leveraging them to monitor communication over web calls, act on the victim’s behalf to give permissions ...
2 months ago Cybersecurity-insiders.com
Millions of Enterprises at Risk: SquareX Shows How Malicious Extensions Bypass Google’s MV3 Restrictions - Cybersecurity Insiders - This has made browser extensions a very effective and potent technique to silently be installed and monitor enterprise users, and attackers are leveraging them to monitor communication over web calls, act on the victim’s behalf to give permissions ...
2 months ago Cybersecurity-insiders.com
Millions of Enterprises at Risk: SquareX Shows How Malicious Extensions Bypass Google’s MV3 Restrictions - Cybersecurity Insiders - This has made browser extensions a very effective and potent technique to silently be installed and monitor enterprise users, and attackers are leveraging them to monitor communication over web calls, act on the victim’s behalf to give permissions ...
2 months ago Cybersecurity-insiders.com
Millions of Enterprises at Risk: SquareX Shows How Malicious Extensions Bypass Google’s MV3 Restrictions - Cybersecurity Insiders - This has made browser extensions a very effective and potent technique to silently be installed and monitor enterprise users, and attackers are leveraging them to monitor communication over web calls, act on the victim’s behalf to give permissions ...
2 months ago Cybersecurity-insiders.com
OpenText report raises awareness for consumer digital life protection as privacy concerns increase with generative AI use - Webroot Blog - Additionally, while consumers have taken steps to protect their personal information, only 27% use privacy tools and settings to protect workplace information when using generative AI. Consumers can better protect their sensitive information from ...
2 months ago Webroot.com

Trending Cyber News (last 7 days)

CVE-2024-11083 - The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data ...
6 days ago Tenable.com
CVE-2024-53849 - editorconfig-core-c is theEditorConfig core library written in C (for use by plugins supporting EditorConfig parsing). In affected versions several overflows may occur in switch case '[' when the input pattern contains many escaped characters. The ...
6 days ago Tenable.com
CVE-2024-10895 - The Counter Up – Animated Number Counter & Milestone Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lgx-counter' shortcode in all versions up to, and including, 2.4.0 due to insufficient input ...
6 days ago Tenable.com
CVE-2024-11818 - A vulnerability classified as critical has been found in PHPGurukul User Registration & Login and User Management System 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument email leads to sql injection. It is ...
6 days ago Tenable.com
CVE-2024-36610 - A deserialization vulnerability exists in the Stub class of the VarDumper module in Symfony v7.0.3. The vulnerability stems from deficiencies in the original implementation when handling properties with null or uninitialized values. An attacker could ...
20 hours ago
CVE-2024-52959 - A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to perform arbitrary system commands via a DLL file. ...
6 days ago Tenable.com
CVE-2024-11820 - A vulnerability, which was classified as problematic, has been found in code-projects Crud Operation System 1.0. This issue affects some unknown processing of the file /add.php. The manipulation of the argument saddress leads to cross site scripting. ...
6 days ago Tenable.com
CVE-2024-11817 - A vulnerability was found in PHPGurukul User Registration & Login and User Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php. The manipulation of the argument ...
6 days ago Tenable.com
CVE-2024-11925 - The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a users identity when verifying an email address through the ...
5 days ago Tenable.com
CVE-2024-11963 - A vulnerability, which was classified as critical, has been found in code-projects Responsive Hotel Site 1.0. Affected by this issue is some unknown functionality of the file /admin/room.php. The manipulation of the argument troom leads to sql ...
5 days ago
CVE-2024-11968 - A vulnerability was found in code-projects Farmacia up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file pagamento.php. The manipulation of the argument notaFiscal leads to sql injection. ...
4 days ago
CVE-2024-11971 - A vulnerability classified as problematic was found in Guizhou Xiaoma Technology jpress 5.1.2. Affected by this vulnerability is an unknown functionality of the file /commons/attachment/upload of the component Avatar Handler. The manipulation of the ...
4 days ago
CVE-2024-53739 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor allows PHP Local File Inclusion.This issue affects Cryptocurrency ...
2 days ago
CVE-2024-53757 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SocialEvolution WP Find Your Nearest allows Stored XSS.This issue affects WP Find Your Nearest: from n/a through 0.3.1. ...
2 days ago
CVE-2024-52958 - A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function. ...
6 days ago Tenable.com
CVE-2024-11219 - The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.0.6 via the get_image function. This makes it possible for unauthenticated ...
6 days ago Tenable.com
CVE-2024-53676 - A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution. ...
6 days ago Tenable.com
CVE-2024-11819 - A vulnerability classified as critical was found in 1000 Projects Portfolio Management System MCA 1.0. This vulnerability affects unknown code of the file /forgot_password_process.php. The manipulation of the argument username leads to sql injection. ...
6 days ago Tenable.com
CVE-2024-53673 - A java deserialization vulnerability in HPE Remote Insight Support allows an unauthenticated attacker to execute code. ...
6 days ago Tenable.com
CVE-2024-51058 - Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through src tag, potentially exposing sensitive information. ...
6 days ago Tenable.com
CVE-2024-53555 - A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via uploading a crafted CSV file. ...
1 week ago Tenable.com
CVE-2024-11103 - The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due to the plugin not properly validating a user's identity prior to updating their password. ...
5 days ago Tenable.com
CVE-2024-49502 - A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to ...
5 days ago Tenable.com
CVE-2024-11786 - The Login with Vipps and MobilePay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'continue-with-vipps' shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output ...
5 days ago Tenable.com
CVE-2024-11761 - The LegalWeb Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'legalweb-popup' shortcode in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied ...
5 days ago Tenable.com
CVE-2024-11960 - A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. The ...
5 days ago
CVE-2024-11964 - A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management system 1.0. This affects an unknown part of the file /user/index.php. The manipulation of the argument emailid leads to sql injection. It is possible to ...
5 days ago
CVE-2024-52338 - Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it ...
4 days ago
CVE-2024-11967 - A vulnerability was found in PHPGurukul Complaint Management system 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/reset-password.php. The manipulation of the argument email leads to sql injection. It is ...
4 days ago
CVE-2024-8300 - Dead Code vulnerability in ICONICS GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 and Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a ...
4 days ago
CVE-2024-11978 - DreamMaker from Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. ...
4 days ago
CVE-2024-54124 - In Click Studios Passwordstate before build 9920, there is a potential permission escalation on the edit folder screen. ...
4 days ago
CVE-2024-6173 - 51l3nc3, member of the AXIS OS Bug Bounty Program, has found that a Guard Tour VAPIX API parameter allowed the use of arbitrary values allowing for an attacker to block access to the guard tour configuration page in the web interface of the Axis ...
4 days ago
CVE-2024-53623 - Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to access sensitive information. ...
21 hours ago
CVE-2024-53787 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vinoth06 Random Banner allows Stored XSS.This issue affects Random Banner: from n/a through 4.2.9. ...
2 days ago
CVE-2024-53783 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Anzia Ni WooCommerce Cost Of Goods allows SQL Injection.This issue affects Ni WooCommerce Cost Of Goods: from n/a through 3.2.8. ...
2 days ago
CVE-2024-53786 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons allows Stored XSS.This issue affects Cowidgets – Elementor Addons: from n/a through 1.2.0. ...
2 days ago
CVE-2024-10580 - The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized form submissions due to a missing capability check on the submit_form() function in all versions up to, and including, 7.8.5. This ...
6 days ago Tenable.com
CVE-2024-10175 - The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wdo_pricing_tables shortcode in all versions up to, and including, 1.4 due to insufficient ...
6 days ago Tenable.com
CVE-2024-5921 - An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the ...
6 days ago Tenable.com
CVE-2024-53675 - An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. ...
6 days ago Tenable.com
CVE-2024-53674 - An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. ...
6 days ago Tenable.com
CVE-2024-50942 - qiwen-file v1.4.0 was discovered to contain a SQL injection vulnerability via the component /mapper/NoticeMapper.xml. ...
6 days ago Tenable.com
CVE-2024-11828 - A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending ...
6 days ago Tenable.com
CVE-2024-11669 - An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application ...
6 days ago Tenable.com
CVE-2024-11668 - An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to ...
6 days ago Tenable.com
CVE-2024-53267 - sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a validly-signed but "mismatched" bundle is presented as proof of inclusion into a transparency ...
6 days ago Tenable.com
CVE-2024-52008 - Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces ...
6 days ago Tenable.com
CVE-2024-52475 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Automation Web Platform Wawp allows Authentication Bypass.This issue affects Wawp: from n/a before 3.0.18. ...
5 days ago
CVE-2024-52497 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in quomodosoft Shopready allows PHP Local File Inclusion.This issue affects Shopready: from n/a through 3.5. ...
5 days ago