Latest Cyber News

Hugging Face Hack: Spaces Secrets Exposed
1 week ago Gbhackers.com
Install the Fix to Stay Protected - Over the past week, we've been monitoring attempts to gain unauthorized access to VPNs, which we attributed to CVE-2024-24919. We quickly generated a fix which ensures these attempts are prevented once installed, and we are urging customers to ...
1 week ago Blog.checkpoint.com
Non-mobile malware statistics, Q1 2024 - More than 83,000 users experienced ransomware attacks, with 20% of all victims published on ransomware gangs' DLSs hit by LockBit. In Q1, Kaspersky solutions protected 83,270 unique users from ransomware Trojan attacks. Number of unique users ...
1 week ago Securelist.com
Malware report Q1 2024 - Targeted attacks Operation Triangulation: the final mystery. Last June, we published a series of reports on Operation Triangulation, a previously unknown iOS malware platform distributed via zero-click iMessage exploits that allowed an attacker to ...
1 week ago Securelist.com
Android malware and unwanted software statistics for Q1 2024 - Over 389,000 malicious installation packages were detected, of which: 11,729 packages were related to mobile banking Trojans, 1,990 packages were mobile ransomware Trojans. The rapid growth in the total number of attacks between Q2 and Q4 2023 is ...
1 week ago Securelist.com
Ticketmaster, Ticketek Australia breached, HHS notification change - This is the same threat actor group who breached the Spanish bank Santander around the same time. The third-party vendor in question, cloud storage provider Snowflake has denied that its products were to blame for the Ticketmaster breach, or the ...
1 week ago Cisoseries.com
What Is SOAR? Definition, Benefits & Use Cases - In general, a SOAR platform's user interface allows security teams to manage connections between all their existing security hardware and software. A strong SOAR solution should include standard orchestration features, automated processes and ...
1 week ago Esecurityplanet.com
High-risk Atlassian Confluence RCE fixed, PoC available - If you're self-hosting an Atlassian Confluence Server or Data Center installation, you should upgrade to the latest available version to fix a high-severity RCE flaw for which a PoC and technical details are already public. Confluence Server and Data ...
1 week ago Helpnetsecurity.com
Infosec products of the month: May 2024 - The Third-Party Intelligence module combines vendor-specific cyber threat intelligence with cybersecurity posture data from suppliers' tech environments, exposing a critical blind spot for security teams. Synopsys Polaris Assist automates repetitive, ...
1 week ago Helpnetsecurity.com
Organizations are moving from experimenting with AI to adopting it - Despite AI's potential, only 14% of organizations are ready to implement and utilize these technologies. While AI offers significant advantages, the focus must shift to essential, foundational actions to realize its full potential, emphasizing both ...
1 week ago Helpnetsecurity.com
Liquidmatrix Security Digest Podcast
1 week ago Securityboulevard.com
AI platform Hugging Face says hackers stole auth tokens from Spaces - AI platform Hugging Face says that its Spaces platform was breached, allowing hackers to access authentication secrets for its members. Hugging Face Spaces is a repository of AI apps created and submitted by the community's users, allowing other ...
1 week ago Bleepingcomputer.com
How Main Street Businesses Can Up Their Cybersecurity Game - Small businesses are not only essential in keeping Main Street thriving and bustling, but they are essential to our economy. Unauthorized access to data has the potential for significant financial loss that can be difficult or impossible to recover. ...
1 week ago Cyberdefensemagazine.com
FlyingYeti targets Ukraine using WinRAR exploit to drop Malware - MUST READ. FlyingYeti targets Ukraine using WinRAR exploit to deliver COOKBOX Malware. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Microsoft fixed two zero-day bugs exploited in malware attacks. ...
1 week ago Securityaffairs.com
Cisco Defense Orchestrator's Path to FedRAMP Authorization - Today I'd like to shed some light on the status and processes involved for one of these solutions as it moves forward on achieving FedRAMP® Authorization: Cisco Defense Orchestrator. Moving forward on FedRAMP. Cisco has made great progress in moving ...
1 week ago Feedpress.me
Police dismantle pirated TV streaming network that made $5.7 million - Spanish police have dismantled a network of illegal media content distribution that, since the start of its operations in 2015, has made over $5,700,000. The investigation began in November 2022 following a complaint submitted by the Alliance for ...
1 week ago Bleepingcomputer.com
newsletter Round 474 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Critical Fortinet's ...
1 week ago Securityaffairs.com
Snowflake at centre of world's largest data breach - Cloud AI Data platform Snowflake are having a bad month. Ticketmaster owner Live Nation filed an 8-K with the SEC for potentially the largest data breach ever, claimed to be 560 million customers. Additionally incidents are running at multiple other ...
1 week ago Doublepulsar.com
Navigating Email: From Spam Wars to Trusted Relationships - As I write this blog in June 2024, many government professionals, contractors, suppliers and even home users continue to complain that their inboxes are overflowing and/or out of control. In extreme cases, I have seen friends and colleagues delete ...
1 week ago Securityboulevard.com
Cyber Security News Weekly Round-Up - A clear understanding of the current threat environment is essential for promptly addressing risks and safeguarding important resources from the most recent forms of cyber attacks and threats. These sophisticated attacks involve the use of advanced ...
1 week ago Cybersecuritynews.com
Week in review: Attackers trying to access Check Point VPNs, NIST CSF 2.0 security metrics evolution - RansomLord: Open-source anti-ransomware exploit tool. RansomLord is an open-source tool that automates the creation of PE files, which are used to exploit ransomware pre-encryption. Attackers are probing Check Point Remote Access VPN devices. Attackers ...
1 week ago Helpnetsecurity.com
The Billericay School faces critical incident after cyber attack - The Billericay School in Essex said its systems were compromised during the half-term holiday. He said the school would be closed to pupils in Year 7, 8, 9 and 12 on Monday so staff could prepare lessons while they did not have access to their ...
1 week ago Bbc.com
Lobbyists for AI-related issues surged in 2023: Report - The number of lobbyists working on issues related to artificial intelligence surged in 2023 compared to the previous four years as the federal government considered AI regulation, according to a report released by the advocacy group Public Citizen on ...
1 week ago Thehill.com
Ticketmaster confirms data breach impacting 560 million customers - MUST READ. Ticketmaster confirms data breach impacting 560 million customers. ABN Amro discloses data breach following an attack on a third-party provider. Christie disclosed a data breach after a RansomHub attack. OmniVision disclosed a data breach ...
1 week ago Securityaffairs.com
Ticketmaster confirms customer data breach - Live Nation Entertainment has confirmed what everyone has been speculating on for the last week: Ticketmaster has suffered a data breach. The third party it refers to is likely Snowflake, a cloud company used by thousands of companies to store, ...
1 week ago Malwarebytes.com
Snowflake denies breach, blames data theft on poorly secured customer accounts - Snowflake is disputing claims made by a threat actor who stole data belonging to Santander and Ticketmaster, and maintains that the theft of customer data was the result of stolen customer login credentials. On Friday, the company confirmed that some ...
1 week ago Helpnetsecurity.com
Critical Apache Log4j2 flaw still threatens global finance - Critical Apache Log4j2 flaw still threatens global finance. CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise ...
1 week ago Securityaffairs.com
Crooks stole more than $300M worth of Bitcoin from DMM Bitcoin - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Threat actors actively ...
1 week ago Securityaffairs.com
Kaspersky releases free tool that scans Linux for known threats - Kaspersky has released a new virus removal tool named KVRT for the Linux platform, allowing users to scan their systems and remove malware and other known threats for free. Kaspersky's new tool isn't a real-time threat protection tool but a ...
1 week ago Bleepingcomputer.com
Pirated Microsoft Office Distributes a Malware Cocktail to Infiltrates Systems - The hackers are distributing a malware cocktail via cracked versions of Microsoft Office marketed on torrent websites. Malware distributed to customers includes remote access trojans, cryptocurrency miners, malware downloaders, proxy tools, and ...
1 week ago Cysecurity.news
Google Chrome change that weakens ad blockers begins June 3rd - Google is continuing with its plan to phase out Manifest V2 extensions in Chrome starting in early June 2024, weakening the abilities of ad blockers. Google says this decision was made based on the community's progress and feedback, which were deemed ...
1 week ago Bleepingcomputer.com
Unmasking Moonstone Sleet: A Deep Dive into North Korea's Latest Cyber Threat - Moonstone Sleet: A New North Korean Threat Actor Microsoft discovered a new North Korean threat actor, Moonstone Sleet, who targets companies with a combination of tried-and-true techniques used by other North Korean threat actors as well as unique ...
1 week ago Cysecurity.news
CISA Warns: Patch Now! Actively Exploited Linux Kernel Vulnerability Puts Systems at Risk
1 week ago Hackersonlineclub.com
What happens when facial recognition gets it wrong
1 week ago Welivesecurity.com
Understanding Credential Phishing
1 week ago Securityboulevard.com
Twitch ditches expert safety advisors for 'ambassador' team
1 week ago Go.theregister.com
For the Love of Learning: We're Here for You at Cisco Live 2024 Las Vegas! - Cisco Live is all about learning, as are Cisco Learning & Certifications and Cisco U. We're here to provide the opportunities you need to learn everything you can and apply your newfound knowledge as soon as possible in the tech career you want. ...
1 week ago Feedpress.me
Adaptive DDoS Defense's Value in the Security Ecosystem
1 week ago Securityboulevard.com
ShinyHunters is selling data of 30 million Santander customers - MUST READ. ShinyHunters is selling data of 30 million Santander customers. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 ...
1 week ago Securityaffairs.com
Snowflake denies cyber-thieves broke through its security
1 week ago Go.theregister.com
Ticketmaster confirms massive breach after stolen data for sale online - Live Nation has confirmed that Ticketmaster suffered a data breach after its data was stolen from a third-party cloud database provider, which is believed to be Snowflake. While the breach has allegedly exposed the data of over 560 million ...
1 week ago Bleepingcomputer.com
Live Nation finally confirms massive Ticketmaster data breach - Live Nation has confirmed that Ticketmaster suffered a data breach after its data was stolen from a third-party cloud database provider, which is believed to be Snowflake. While the breach has allegedly exposed the data of over 560 million ...
1 week ago Bleepingcomputer.com
HHS reverses course, allows Change Healthcare to file breach notifications for others - The Department of Health and Human Services changed course on Friday and announced that it will allow Change Healthcare to file breach notifications on behalf of the thousands of organizations impacted by February's ransomware attack. HHS updated a ...
1 week ago Therecord.media
Senator lambasts UnitedHealth for picking 'unqualified' CISO
1 week ago Go.theregister.com
Mystery attacker remotely bricked 600,000 SOHO routers
2 weeks ago Go.theregister.com
In the jungle of AWS S3 Enumeration - Misconfigured S3 buckets can be a gateway to sensitive data exposure. In this guide, we will delve into advanced methods for S3 bucket reconnaissance - essential for cloud pentesters and cloud security experts to identify and secure vulnerable ...
2 weeks ago Hackread.com
OpenAI stops five ineffective AI covert influence ops
2 weeks ago Go.theregister.com
Patients' personal information possibly exposed in data breach at UChicago Medicine - CHICAGO - The personal information of hundreds, if not thousands, of patients was potentially exposed following a data breach at UChicago Medicine earlier this year. UChicago says the breach happened between Jan. 4 and Jan. 30 when a hacker accessed ...
2 weeks ago Cbsnews.com
Over 25k BBC pensioners' records stolen in database raid
2 weeks ago Theregister.com
NFTs magnets for fraud, but not terrorists, says US Treasury
2 weeks ago Theregister.com
Make Your Buildings Smarter with Cisco Spaces Cloud - With Cisco Spaces your existing network infrastructure becomes a sensor that allows you to extract network data to make your buildings smarter. Cisco Spaces Firehose API. Designed for the cloud-first era, the Firehose API offers a low-latency, ...
2 weeks ago Feedpress.me
One Phish, Two Phish, Red Phish, Blue Phish - I sat down for a chat with George Skouroupathis, our phishing expert at Resonance Security. Phishing is often the first step taken by hackers in a larger scam. There are lots of different kinds of phishing attacks, but one of the most prevalent is ...
2 weeks ago Hackread.com
Microsoft: Windows 11 preview update causes taskbar crashes - Microsoft warned customers on Thursday that the May 2024 non-security preview update for Windows 11 is causing taskbar crashes and glitches. This month's KB5037853 optional update was released on Thursday, and it fixes multiple File Explorer problems ...
2 weeks ago Bleepingcomputer.com
Proofpoint's CISO 2024 Report: Top Challenges Include Human Error & Risk - In Proofpoint's 2024 Voice of the CISO report, the cybersecurity company found that CISOs are dealing with people-centric threats more than ever. Plus, cybersecurity budgets often don't change, and AI can help and hurt CISOs' efforts. Regarding the ...
2 weeks ago Techrepublic.com
What is Extortionware? How is It Different From Ransomware? - Let's look at how extortionware works, how it compares to ransomware and why the threat of extortionware is likely to continue growing in years to come. Once access is gained, the victim's data is stolen and analyzed to identify information that can ...
2 weeks ago Techtarget.com
Scammers are playing college kids with free piano offers - Cybercriminals are targeting college students and faculty with advance fee scams centered around pianos. In an advance fee fraud scam, victims are usually asked for a small amount of money up front in exchange for a larger amount to be paid at a ...
2 weeks ago Therecord.media
Pirated Microsoft Office delivers malware cocktail on systems - Cybercriminals are distributing a malware cocktail through cracked versions of Microsoft Office promoted on torrent sites. The malware delivered to users includes remote access trojans, cryptocurrency miners, malware downloaders, proxy tools, and ...
2 weeks ago Bleepingcomputer.com
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
2 weeks ago Securityaffairs.com
Data of 560 million Ticketmaster customers for sale after alleged breach - A threat actor known as ShinyHunters is selling what they claim is the personal and financial information of 560 million Ticketmaster customers on the recently revived BreachForums hacking forum for $500,000. The allegedly stolen databases, which ...
2 weeks ago Bleepingcomputer.com
Law enforcement conducts 'largest ever' botnet takedown - In the latest high-profile law enforcement action against cybercrime, agencies disrupted several notorious botnets and malware droppers widely used in ransomware attacks. Europol on Thursday announced that an international law enforcement action, ...
2 weeks ago Techtarget.com
The 7 Core Pillars of a Zero-Trust Architecture - The zero-trust framework is gaining traction in the enterprise due to its security benefits. Organizations are increasingly adopting a zero-trust model in their security programs, replacing the traditional perimeter-based security model. The ...
2 weeks ago Techtarget.com
AI Threat Scenario, GuLoader, DarkGate, MirrorBlast, Kutaki Stealer and More - In this version of the Hacker's Playbook Threat Coverage round-up, we are highlighting attack coverage for newly discovered or analyzed threats, including a newly created scenario that leverages AI Generated malware. McAfee Labs researchers recently ...
2 weeks ago Securityboulevard.com
Flawed AI Tools Create Worries for Private LLMs, Chatbots - Companies that use private instances of large language models to make their business data searchable through a conversational interface face risks of data poisoning and potential data leakage if they do not properly implement security controls to ...
2 weeks ago Darkreading.com
Top 6 benefits of zero-trust security for businesses - Rather than create a framework from scratch, security leaders can choose from the several publicly available methodologies to benefit their own infosec programs. One of the more high-profile examples of available frameworks is the zero-trust security ...
2 weeks ago Techtarget.com
Experts found a macOS version of the sophisticated LightSpy spyware - Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits JetBrains TeamCity bugs in ransomware attacks. Experts released PoC exploit for critical ...
2 weeks ago Securityaffairs.com
ShinyHunters Breach Santander Bank, 30M User Data for Sale
2 weeks ago Hackread.com
Is Imitation A Form Of Flattery? Scarlett Johansson Doesn't Think So - It all started when Open AI's CEO Sam Altman unveiled a new ChatGPT version that included a new voice assistant seemingly inspired by the movie Her. Controversy started bubbling over how Scarlett Johansson's AI assistant character influenced ...
2 weeks ago Blog.avast.com
Cybersecurity Management Lessons from Healthcare Security Breaches - 2024 looks like it will only increase the number of affected individuals considering the scale of ransomware attacks from the first half of the year in the USA, Canada, and Australia. Unusual activity detected on May 8, 2024, caused Ascension ...
2 weeks ago Esecurityplanet.com
Malware botnet bricked 600,000 routers in mysterious 2023 attack - A malware botnet named 'Pumpkin Eclipse' performed a mysterious destructive event in 2023 that destroyed 600,000 office/home office internet routers offline, disrupting customers' internet access. According to researchers at Lumen's Black Lotus Labs, ...
2 weeks ago Bleepingcomputer.com
Malware botnet bricked 600,000 routers in mysterious 2023 event - A malware botnet named 'Pumpkin Eclipse' performed a mysterious destructive event in 2023 that destroyed 600,000 office/home office internet routers offline, disrupting customers' internet access. According to researchers at Lumen's Black Lotus Labs, ...
2 weeks ago Bleepingcomputer.com

Trending Cyber News (last 7 days)

CVE-2024-35325 - A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free. ...
1 day ago
CVE-2024-24704 - Missing Authorization vulnerability in AddonMaster Load More Anything. This issue affects Load More Anything: from n/a through 3.3.3. ...
3 days ago Tenable.com
CVE-2024-38279 - The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes. ...
1 day ago
CVE-2024-5692 - On Windows, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected ...
3 days ago Tenable.com
CVE-2024-5584 - The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and ...
3 days ago Tenable.com
CVE-2024-36827 - An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input. ...
6 days ago
CVE-2024-3133 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. ...
6 days ago
CVE-2024-35692 - Missing Authorization vulnerability in Termly Cookie Consent. This issue affects Cookie Consent: from n/a through 3.2. ...
3 days ago Tenable.com
CVE-2024-32703 - Missing Authorization vulnerability in reputeinfosystems ARForms. This issue affects ARForms: from n/a through 6.4. ...
5 days ago Tenable.com
CVE-2024-37307 - Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of `cilium-bugtool` can contain sensitive data when the tool is run ...
1 day ago
CVE-2024-32715 - Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import. This issue affects Olive One Click Demo Import: from n/a through 1.1.1. ...
5 days ago Tenable.com
CVE-2024-35303 - A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0012), Tecnomatix Plant Simulation V2404 (All versions < V2404.0001). The affected applications contain a type confusion vulnerability while parsing ...
3 days ago Tenable.com
CVE-2024-5699 - In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the ...
3 days ago Tenable.com
CVE-2024-5694 - An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox < 127. ...
3 days ago Tenable.com
CVE-2024-35748 - Missing Authorization vulnerability in OPMC WooCommerce Dropshipping. This issue affects WooCommerce Dropshipping: from n/a through 5.0.4. ...
4 days ago Tenable.com
CVE-2024-5693 - Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12. ...
3 days ago Tenable.com
CVE-2024-23595 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. ...
6 days ago
CVE-2024-35661 - Missing Authorization vulnerability in SoftLab Upload Fields for WPForms. This issue affects Upload Fields for WPForms: from n/a through 1.0.2. ...
4 days ago Tenable.com
CVE-2024-32714 - Missing Authorization vulnerability in Academy LMS academy. This issue affects Academy LMS: from n/a through 1.9.16. ...
5 days ago Tenable.com
CVE-2023-47845 - Cross-Site Request Forgery (CSRF) vulnerability in Lim Kai Yang Grab & Save. This issue affects Grab & Save: from n/a through 1.0.4. ...
2 days ago Tenable.com
CVE-2024-2461 - If exploited an attacker could traverse the file system to access files or directories that would otherwise be inaccessible ...
3 days ago Tenable.com
CVE-2023-6997 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. ...
6 days ago
CVE-2024-5761 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: [CVE-2024-5260]. Reason: This candidate is a reservation duplicate of [CVE-2024-5260]. Notes: All CVE users should reference [CVE-ID] instead of this candidate. All ...
6 days ago
CVE-2024-33561 - Missing Authorization vulnerability in 8theme XStore. This issue affects XStore: from n/a through 9.3.8. ...
5 days ago
CVE-2024-32704 - Missing Authorization vulnerability in reputeinfosystems ARForms. This issue affects ARForms: from n/a through 6.4. ...
5 days ago Tenable.com
CVE-2024-21751 - Missing Authorization vulnerability in RabbitLoader. This issue affects RabbitLoader: from n/a through 2.19.13. ...
4 days ago Tenable.com
CVE-2024-2092 - The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied ...
2 days ago Tenable.com
CVE-2024-32811 - Insertion of Sensitive Information into Log File vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates. This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.4. ...
5 days ago
CVE-2024-2462 - Allow attackers to intercept or falsify data exchanges between the client and the server ...
3 days ago Tenable.com
CVE-2024-35669 - Missing Authorization vulnerability in Bowo Debug Log Manager. This issue affects Debug Log Manager: from n/a through 2.3.1. ...
5 days ago
CVE-2024-28833 - Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms. ...
4 days ago Tenable.com
CVE-2024-35741 - Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through 6.1.7. ...
4 days ago Tenable.com
CVE-2024-35735 - Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form. This issue affects WP Time Slots Booking Form: from n/a through 1.2.11. ...
4 days ago Tenable.com
CVE-2024-35721 - Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery. This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through 1.4.5. ...
4 days ago Tenable.com
CVE-2024-5698 - By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 127. ...
3 days ago Tenable.com
CVE-2024-35292 - A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC ...
3 days ago Tenable.com
CVE-2023-47828 - Missing Authorization vulnerability in Mandrill wpMandrill. This issue affects wpMandrill: from n/a through 1.33. ...
2 days ago Tenable.com
CVE-2023-49224 - Precor touchscreen console P62, P80, and P82 contains a default SSH public key in the authorized_keys file. A remote attacker could use this key to gain root privileges. ...
6 days ago
CVE-2024-32787 - Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking. This issue affects Secure Copy Content Protection and Content Locking: from n/a through 3.7.1. ...
5 days ago
CVE-2024-34802 - Missing Authorization vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt. This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5. ...
4 days ago Tenable.com
CVE-2024-5697 - A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox < 127. ...
3 days ago Tenable.com
CVE-2024-5695 - If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox < ...
3 days ago Tenable.com
CVE-2023-51413 - Missing Authorization vulnerability in Piotnet Forms. This issue affects Piotnet Forms: from n/a through 1.0.29. ...
2 days ago Tenable.com
CVE-2024-1694 - Inappropriate implementation in Google Updater prior to 1.3.36.351 in Google Chrome allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: High) ...
6 days ago
CVE-2024-32783 - Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor. This issue affects Advanced Testimonial Carousel for Elementor: from n/a through 3.0.0. ...
5 days ago
CVE-2024-32798 - Missing Authorization vulnerability in WP Travel Engine. This issue affects WP Travel Engine: from n/a through 5.8.0. ...
5 days ago
CVE-2024-32813 - Missing Authorization vulnerability in SoftLab Integrate Google Drive. This issue affects Integrate Google Drive: from n/a through 1.3.9. ...
5 days ago
CVE-2024-5056 - CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent the user from updating the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem. ...
2 days ago Tenable.com
CVE-2024-5674 - The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscribers management due to PHP type juggling issue on the check_api_key function in all versions up to, and including, 2.4.5. This makes it possible for ...
2 days ago Tenable.com
CVE-2024-31350 - Missing Authorization vulnerability in AWP Classifieds Team AWP Classifieds. This issue affects AWP Classifieds: from n/a through 4.3.1. ...
5 days ago Tenable.com