Latest Cyber News

FireTail Unveils Free Access for All to Cutting-Edge API Security Platform - FireTail announces a free version of its enterprise-level API security tools, making them accessible to developers and organizations of all sizes. FireTail's unique combination of open-source code libraries, inline API call evaluation, security ...
2 months ago Cybersecurity-insiders.com
Hackers of Indonesian government apologize and give key - Brain Cipher, the group responsible for hacking into Indonesia's Temporary National Data Center and disrupting the country's services, has seemingly apologized for its actions and released an encryption key to the government. In the statement, Brain ...
2 months ago Go.theregister.com
Ransomware news trending on Google - Patelco Credit Union, a prominent non-profit organization in the San Francisco Bay Area, confirmed it fell victim to a ransomware attack affecting banking systems used by over 500,000 members. Erin Mendez, the CEO issued a statement that the company ...
2 months ago Cybersecurity-insiders.com
Hackers steal millions of Authy 2FA phone numbers - Malicious actors have managed to steal more than 33 million phone numbers used by users of the two-factor authentication service Authy. Authy is a popular security application to manage authentication codes for apps and online ...
2 months ago Ghacks.net
4 key steps to building an incident response plan - In this Help Net Security interview, Mike Toole, head of security and IT at Blumira, discusses the components of an effective security incident response strategy and how they work together to ensure organizations can address cybersecurity issues. An ...
2 months ago Helpnetsecurity.com
Organizations use outdated approaches to secure APIs - Security teams are struggling to keep pace with the risks posed by organizations' dependency on modern applications, the technology that underpins all of today's most used sites, according to Cloudflare. The report underscores that the volume of ...
2 months ago Helpnetsecurity.com
MSI Center Vulnerability Lets Attackers Escalate Privileges on Windows Systems - A critical local privilege escalation vulnerability has been discovered in MSI Center versions 2.0.36.0 and earlier, allowing low-privileged users to escalate their privileges on Windows systems. This security flaw, tracked as CVE-2024-37726, stems ...
2 months ago Cybersecuritynews.com
Only 13% of organizations are cyber mature - A staggering 83% of organizations have suffered a material security breach recently, with over half occurring in the past year alone, underscoring the critical need for advanced preparedness and agile response strategies, according to Commvault. For ...
2 months ago Helpnetsecurity.com
International Operation Takes Down 593 Malicious Cobalt Strike Servers - Law enforcement agencies from around the world have successfully shut down 593 rogue servers running unauthorized versions of Cobalt Strike, a tool often misused by cybercriminals. Cobalt Strike, developed in 2012 by Raphael Mudge and now owned by ...
2 months ago Cybersecuritynews.com
Flask Web App: Smart Honeypot Deployment With RL - The goal of a honeypot is to deceive attackers into interacting with them, enabling security experts to observe and analyze their behavior. By applying RL, we can develop a smart honeypot deployment system that learns and adapts to emerging threats ...
2 months ago Feeds.dzone.com
It's Time For Lawmakers to Listen to Courts: Your Law Regulating Online Speech Will Harm Internet Users' Free Speech Rights - Despite a long history of courts ruling that government efforts to regulate speech online harm all internet users and interfere with their First Amendment rights, state and federal lawmakers continue to pass laws that do just that. Three separate ...
2 months ago Eff.org
Emulating the Sabotage-Focused Russian Adversary Sandworm - Part 2 - Adversary Emulation, published July 3, 2024. AttackIQ has released two new attack graphs that emulate the behaviors exhibited by the highly sophisticated Russian adversary Sandworm during various destructive activities against targets in Ukraine and ...
2 months ago Securityboulevard.com
What's new in the MSRC Report Abuse Portal and API - The Microsoft Security Response Center has always been at the forefront of addressing cyber threats, privacy issues, and abuse arising from Microsoft Online Services. Building on our commitment, we have introduced several key updates to the Report ...
2 months ago Msrc.microsoft.com
Dissecting GootLoader With Node.js - This article shows how to circumvent anti-analysis techniques from GootLoader malware while using Node.js debugging in Visual Studio Code. In our debugging endeavor for GootLoader files, we use a Windows host with Node.js JavaScript runtime and ...
2 months ago Unit42.paloaltonetworks.com
CVE of the month, the supply chain attack hidden for 10 years CVE-2024-38368 - CVE-2024-38368 is a vulnerability that affects the open-source supply chain of iOS and macOS applications. CocoaPods is a dependency manager for Swift and Objective-C; essentially it is the npm, RubyGems or PyPI equivalent for Swift and Objective-C. ...
2 months ago Securityboulevard.com
Ransomware attack on Patelco Credit Union causes confusion ahead of holiday weekend - One of the largest credit unions on the West Coast continues to struggle with its operations following a ransomware attack that began on Saturday. Patelco Credit Union - one of the nation's oldest credit unions with more than $9 billion in assets - ...
2 months ago Therecord.media
Any IoT Device Can Be Hacked, Even Grills - As more and more household appliances and devices become Internet-capable, they also become vulnerable to potential exploitation. For people who take grilling seriously, they now face the possibility of a ruined cookout - not because they picked the ...
2 months ago Darkreading.com
HealthEquity data breach exposes protected health information - Healthcare fintech firm HealthEquity is warning that it suffered a data breach after a partner's account was compromised and used to access the Company's systems to steal protected health information. The Company says it detected the compromise after ...
2 months ago Bleepingcomputer.com
Europol Announces Crackdown on Cobalt Strike Servers Used by Cybercriminals - European law enforcement agency Europol on Wednesday announced a global crackdown against the use of legitimate security tools by cybercriminals, including the takedown of nearly 600 Cobalt Strike servers linked to criminal activity. The agency said ...
2 months ago Securityweek.com
Bay Area Credit Union Struggles to Recover After Ransomware Attack - Tens of thousands of customers of Bay Area credit union Patelco remain without access to their accounts, following a crippling ransomware attack on the 88-year-old financial institution. The June 29 attack forced the credit union to shut down several ...
2 months ago Darkreading.com
Operation Morpheus took down 593 Cobalt Strike servers used by threat actors
2 months ago Securityaffairs.com
Three Ways to Chill Attacks on Snowflake - More than a month after a spate of data theft of Snowflake environments, the full scope of the incident has become more clear: at least 165 likely victims, more than 500 stolen credentials, and suspicious activity connected to known malware from ...
2 months ago Darkreading.com
Passkey Redaction Attacks Subvert GitHub, Microsoft Authentication - While online accounts are increasingly protected by passkey technology, it turns out that many banking, e-commerce, social media, website domain name administration, software development platforms, cloud accounts, and more can still be compromised ...
2 months ago Darkreading.com
5 ChromeOS settings you should change for a more secure Chromebook - ChromeOS is not merely a simplified operating system. ChromeOS is also a relatively secure operating system - thanks to its multiple layers of protection for preventing things like viruses and malware from harming your device and accessing your data. ...
2 months ago Zdnet.com
Fintech Frenzy: Affirm & Others Emerge as Victims in Evolve Breach - A ransomware attack against a large financial services provider has become a problem for many companies it works with, two of which have already alluded to potential negative impacts on customer data. The infamous LockBit group earned some undue ...
2 months ago Darkreading.com
Xbox is down worldwide with users unable to login, play games - The Xbox Live service is currently down due to a major outage, impacting customers worldwide and preventing them from signing into their Xbox accounts and playing games. According to a massive stream of user reports, the online gaming platform has ...
2 months ago Bleepingcomputer.com
Evolve Bank data breach impacted fintech firms Wise and Affirm
2 months ago Securityaffairs.com
PTC License Server Bug Needs Immediate Patch Against Critical Flaw - Days after the Cybersecurity and Infrastructure Security Agency and industrial computer-aided design software provider PTC raised the alarm about a critical flaw in one of its servers, a patch has been issued. First reported on June 25, the critical ...
2 months ago Darkreading.com
Threat Brief: CVE-2024-6387 OpenSSH RegreSSHion Vulnerability - On July 1, 2024, a critical signal handler race condition vulnerability was disclosed in OpenSSH servers on glibc-based Linux systems. Using Palo Alto Networks Xpanse data, we observed 23 million instances of OpenSSH servers including all versions. ...
2 months ago Unit42.paloaltonetworks.com
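Triage for CVE-2024-6387 usually starts from the SSH identification banner collected by a scanner. The script below is an added example, not code from the Unit 42 brief: it parses OpenSSH version strings and flags those inside the range the advisory gives (releases before 4.4p1, and 8.5p1 up to but not including 9.8p1, where the fix shipped). The sample banners are constructed for illustration. Two caveats a practitioner must apply by hand: the bug is only exploitable as described on glibc-based Linux, and distributions backport the fix without bumping the upstream version, so a flagged banner means "review the package's patch level", not "confirmed vulnerable".

```python
import re

# Constructed sample banners for the demonstration (not taken from the Unit 42
# data set); the distro suffixes are illustrative only.
SAMPLE_BANNERS = [
    "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13",
    "SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3",
    "SSH-2.0-OpenSSH_9.8p1",
    "SSH-2.0-OpenSSH_7.4",
    "SSH-2.0-OpenSSH_4.3",
    "SSH-2.0-dropbear_2022.83",
]

# Matches "OpenSSH_<major>.<minor>" with an optional portable "p<n>" suffix.
_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(banner):
    """Return (major, minor, portable) from an SSH identification string,
    or None if the banner is not from OpenSSH."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, portable = m.groups()
    return (int(major), int(minor), int(portable) if portable else 0)


def upstream_vulnerable(version):
    """True if the upstream OpenSSH release is in the CVE-2024-6387 range:
    before 4.4p1 (the CVE-2006-5051 fix), or 8.5p1 <= version < 9.8p1."""
    if version < (4, 4, 1):
        return True
    return (8, 5, 1) <= version < (9, 8, 1)


def triage(banners):
    """Map each banner to 'ok', 'review' or 'not-openssh'.

    'review' means the upstream version string is in the affected range;
    whether the host is actually exposed depends on it running glibc Linux
    and on whether the distribution has backported the fix."""
    results = {}
    for banner in banners:
        version = parse_openssh_version(banner)
        if version is None:
            results[banner] = "not-openssh"
        elif upstream_vulnerable(version):
            results[banner] = "review"
        else:
            results[banner] = "ok"
    return results


if __name__ == "__main__":
    for banner, verdict in triage(SAMPLE_BANNERS).items():
        print(f"{verdict:12} {banner}")
```

Feed it the banner column of a masscan/nmap export instead of SAMPLE_BANNERS to get a first cut of the fleet; anything marked "review" then needs the package version (for example `dpkg -s openssh-server` or `rpm -q openssh-server`) compared against the vendor's advisory.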
Vulnerabilities in PanelView Plus devices could lead to remote code execution - Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell Automation PanelView Plus that could be remotely exploited by unauthenticated attackers, allowing them to perform remote code execution and denial-of-service. The RCE ...
2 months ago Microsoft.com
Cyber Workforce Numbers Rise for Larger Organizations - Larger organizations in particular have strengthened their cyber workforce this year: On average, organizations with more than $1 billion in revenue had one cyber professional per 1,086 employees. The companies at the top of their game when it comes ...
2 months ago Darkreading.com
Google now pays $250,000 for KVM zero-day vulnerabilities - Google has launched kvmCTF, a new vulnerability reward program first announced in October 2023 to improve the security of the Kernel-based Virtual Machine hypervisor that comes with $250,000 bounties for full VM escape exploits. KVM, an open-source ...
2 months ago Bleepingcomputer.com
Patelco shuts down banking systems following ransomware attack - Patelco Credit Union has disclosed it experienced a ransomware attack that led to the proactive shutdown of several of its customer-facing banking systems to contain the incident's impact. Patelco is an American credit union with assets exceeding $9 ...
2 months ago Bleepingcomputer.com
Notification of Data Breach - Human Technology and its affiliates became aware of this suspicious activity within its environment on March 15, 2024. Maintaining the confidentiality, privacy, and security of information in our care is important to us and therefore upon becoming ...
2 months ago Darkreading.com
Rapid7 To Acquire Attack Surface Management Startup Noetic Cyber - The cybersecurity vendor says the planned acquisition will assist with improving visibility across multiple types of assets and environments. Rapid7 announced Monday it has reached a deal to acquire Noetic Cyber, a startup whose technology is aimed ...
2 months ago Crn.com
Implementing Zero Trust and Mitigating Risk: ISC2 Courses to Support Your Development - PRESS RELEASE. Zero trust security is a proactive and robust approach to cybersecurity that addresses modern threats by continuously verifying and monitoring all network activities. While its implementation can be complex and resource-intensive, the ...
2 months ago Darkreading.com
Fintech company Affirm says Evolve Bank attack exposed customer info - Financial technology company Affirm told regulators this week that a cyberattack on a banking partner exposed customer information. Affirm - which runs one of the biggest buy now, pay later platforms - told the Securities and Exchange Commission on ...
2 months ago Therecord.media
How LLMs Can Revolutionize Email Security
2 months ago Feeds.dzone.com
LockBit claims cyberattack on Croatia's largest hospital - The LockBit ransomware gang has claimed responsibility for a cyberattack on Croatia's largest hospital, which forced it to shut down IT systems for a day. The group claims to have gained access to patient and employee information, medical records, ...
2 months ago Therecord.media
Careful with your marshmallows - In today's post, the multifaceted and multitalented Wolfgang Von Lycanz illustrates how the internet can amplify the best parts of us.... -Aaron Jue, EFF Membership Team. My boss knows me as Wolfgang, the mild-mannered insurance actuary. On the ...
2 months ago Eff.org
Affirm says cardholders impacted by Evolve Bank data breach - Buy now, pay later loan company Affirm is warning that holders of its payment cards had their personal information exposed due to a data breach at its third-party issuer, Evolve Bank & Trust. Evolve is a large financial services provider specializing ...
2 months ago Bleepingcomputer.com
How Patch Management Software Solves the Update Problem - I've never met an IT leader who doesn't know how important patch management is. At Heimdal, we believe patch management software provides the solution to this problem. Patch management software is a technology that allows businesses to automate the ...
2 months ago Heimdalsecurity.com
Life at Fortinet: Product Marketing Innovation - The goal is to discover how each individual's formal and informal education, professional and personal experience, enthusiasm for cybersecurity, and dedication to the company's mission help make Fortinet one of the world's leading cybersecurity ...
2 months ago Feeds.fortinet.com
Transforming in the Age of Healthcare Digitalization - Healthcare and technology increasingly intersect in today's world, and cybersecurity has become a primary concern for many companies. The recent attack on Change Healthcare serves as a harsh reminder of the vulnerabilities facing the healthcare ...
2 months ago Cyberdefensemagazine.com
CISA Releases the Marine Transportation System Resilience Assessment Guide - WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency is releasing an update to the agency's Marine Transportation System Resilience Assessment Guide with a new, more accessible web-based tool for stakeholders in the maritime ...
2 months ago Cisa.gov
'Almost every Apple device' vulnerable to CocoaPods - CocoaPods, an open-source dependency manager used in over three million applications coded in Swift and Objective-C, left thousands of packages exposed and ready for takeover for nearly a decade - thereby creating opportunities for supply chain ...
2 months ago Packetstormsecurity.com
TeamViewer Hack Officially Attributed to Russian Cyberspies - TeamViewer has confirmed that a notorious Russian cyberespionage group appears to be behind the recent hacker attack targeting the company's systems. The remote connectivity software provider revealed last week that it had detected an intrusion on ...
2 months ago Packetstormsecurity.com
Splunk Patches High-Severity Vulnerabilities in Enterprise Product - Splunk on Monday announced patches for 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including six high-severity bugs. Three of the high-severity issues are remote code execution flaws that require authentication for successful ...
2 months ago Packetstormsecurity.com
Google Patches 25 Android Flaws, Including Critical Privilege Escalation Bug - Google has released patches for 25 documented security vulnerabilities in the Android operating system, including a critical-severity flaw in the Framework component. The critical bug, tracked as CVE-2024-31320, impacts Android versions 12 and 12L ...
2 months ago Packetstormsecurity.com
Who can it be now? Australia warns of rogue Wi-Fi at airports - Officials in Australia are warning travelers following the discovery of rogue Wi-Fi points in one of the nation's airports. The Australian Federal Police issued an alert after busting up a data-harvesting operation at the Perth Airport on the ...
2 months ago Packetstormsecurity.com
CISA Releases Seven Industrial Control Systems Advisories - These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations. This ...
2 months ago Cisa.gov
Deepwatch appoints John DiLullo as CEO - Deepwatch announced that John DiLullo has been appointed as CEO, succeeding Charlie Thomas who is retiring and will serve as chairman of the Board of Directors, effective immediately. John DiLullo is a veteran of the cybersecurity industry with more ...
2 months ago Helpnetsecurity.com
Ransomware Attack Demands Reach a Staggering $5.2m in 2024 - The average extortion demand per ransomware attack was over $5.2m in the first half of 2024, according to a new analysis by Comparitech. This figure was calculated from 56 known ransom demands issued by threat actors from January-June 2024. The ...
2 months ago Infosecurity-magazine.com
Google Launches $250,000 kvmCTF Bug Bounty Program for KVM Exploits
2 months ago Hackread.com
It all adds up: Pretexting in executive compromise - If attackers can gain the trust of executives using layered social engineering techniques, they may be able to access sensitive corporate information such as intellectual property, financial data or administrative control logins and passwords. While ...
2 months ago Securityintelligence.com
An Evolution in Brand Spoofing Prevention - This technology uses advanced technologies, such as AI, Natural Language Processing, image processing, and heuristics, to detect and prevent attempts of brand impersonation by matching URLs and web pages with established brands. Our new DeepBrand ...
2 months ago Blog.checkpoint.com
It's World UFO Day! Defend Against Unidentified File Objects with Votiro - It'll still be World UFO Day next July 2nd. While we might not have definitive answers about extraterrestrials or Unidentified Flying Objects soaring through the skies, we can help you identify and defend against Unidentified FILE Objects lurking in ...
2 months ago Securityboulevard.com
Stolen credentials could unmask thousands of darknet child abuse website users - Thousands of people with accounts on darknet websites for sharing child sexual abuse material could be unmasked using information stolen by cybercriminals, according to research published Tuesday. In a proof-of-concept report, researchers at Recorded ...
2 months ago Therecord.media
Stress-Testing Security Assumptions in a World of New & Novel Risks - The most devastating security failures often are the ones that we can't imagine - until they happen. Prior to 9/11, national security and law enforcement planners assumed airline hijackers would land the planes in search of a negotiated settlement - ...
2 months ago Darkreading.com
Google Pixel 6 series phones bricked after factory reset - Factory resets wipe the device of all personal data, apps, and settings and are typically performed when the device owner prepares it for resale. The Pixel 6 series, released in late 2021, is approaching the typical upgrade cycle for many original ...
2 months ago Bleepingcomputer.com
Hackers Using Polyglot Files In Wild, Here Comes PolyConv For Detection
2 months ago Gbhackers.com
Prudential Financial data breach impacts 2.5 million people, not 36,000 as first thought - In February 2024, Prudential Financial reported it had fallen victim to a ransomware attack. The attack was discovered one day after it started, but not before some 2.5 million people had been impacted by the resulting data breach. As one of the ...
2 months ago Malwarebytes.com
New Orcinius Trojan Uses VBA Stomping to Mask Infection - This week, the SonicWall Capture Labs threat research team investigated a sample of Orcinius malware. This is a multi-stage trojan that is using Dropbox and Google Docs to download second-stage payloads and stay updated. It contains an obfuscated VBA ...
2 months ago Blog.sonicwall.com
Preparing for Q-Day as NIST nears approval of PQC standards - Q-Day-the day when a cryptographically relevant quantum computer can break most forms of modern encryption-is fast approaching, leaving the complex systems our societies rely on vulnerable to a new wave of cyberattacks. While estimates just a few ...
2 months ago Helpnetsecurity.com
Affirm tells SEC customer data stolen in Evolve breach
2 months ago Go.theregister.com
Critical CocoaPods Flaws Exposed Many iOS, macOS Apps to Supply Chain Attacks - Critical vulnerabilities in the CocoaPods dependency manager could have allowed threat actors to take over thousands of orphaned packages, execute shell commands, and take over accounts, potentially impacting millions of iOS and macOS applications, ...
2 months ago Securityweek.com
Evolve Bank Shares Data Breach Details as Fintech Firms Report Being Hit - Fintech companies Wise and Affirm have revealed that the recent data breach suffered by Evolve Bank impacts some of their customers. The notorious ransomware group LockBit recently threatened to leak data allegedly stolen from the US Federal Reserve. ...
2 months ago Securityweek.com
Patch Now: Cisco Zero-Day Under Fire From Chinese APT - Cisco has patched a command-line injection flaw in a network management platform used to manage switches in data centers, which, according to researchers from Sygnia, already has been exploited by the China-backed threat group known as Velvet Ant. ...
2 months ago Darkreading.com
Google to offer $250,000 for Full VM Escape Zero-day Vulnerability
2 months ago Gbhackers.com
SentinelLabs uncovers new CapraRAT spyware targeting Android users - A new report released today by SentinelLabs, the research arm of listed cybersecurity company SentinelOne Inc., warns of a resurgence of CapraRAT spyware targeting mobile gamers and weapons enthusiasts through malicious Android applications. CapraRAT ...
2 months ago Siliconangle.com

Trending Cyber News (last 7 days)

CVE-2024-45455 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JoomUnited WP Meta SEO allows Stored XSS. This issue affects WP Meta SEO: from n/a through 4.5.13. ...
2 days ago
CVE-2024-45460 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Manu225 Flipping Cards allows Stored XSS. This issue affects Flipping Cards: from n/a through 1.30. ...
2 days ago
CVE-2024-44056 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Mantra allows Stored XSS. This issue affects Mantra: from n/a through 3.3.2. ...
2 days ago
CVE-2024-46685 - In the Linux kernel, the following vulnerability has been resolved: ...
3 days ago
CVE-2024-46687 - In the Linux kernel, the following vulnerability has been resolved: ...
3 days ago
CVE-2024-6259 - BT: HCI: adv_ext_report Improper discarding in adv_ext_report ...
3 days ago
CVE-2024-44096 - there is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. ...
1 day ago
CVE-2024-44053 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mohammad Arif Opor Ayam allows Reflected XSS. This issue affects Opor Ayam: from n/a through 1.8. ...
2 days ago
CVE-2024-44058 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Parabola allows Stored XSS. This issue affects Parabola: from n/a through 2.4.1. ...
2 days ago
CVE-2024-44054 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Fluida allows Stored XSS. This issue affects Fluida: from n/a through 1.8.8. ...
2 days ago
CVE-2024-4660 - An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2. It was possible for a guest to read the source code of a ...
3 days ago
CVE-2024-8867 - A vulnerability was found in Perfex CRM 3.1.6. It has been declared as problematic. This vulnerability affects unknown code of the file application/controllers/Clients.php of the component Parameter Handler. The manipulation of the argument message ...
13 hours ago
CVE-2024-8868 - A vulnerability was found in code-projects Crud Operation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file savedata.php. The manipulation of the argument sname leads to sql injection. The attack may be ...
13 hours ago
CVE-2024-44060 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jennifer Hall Filmix allows Reflected XSS. This issue affects Filmix: from n/a through 1.1. ...
2 days ago
CVE-2024-45456 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JoomUnited WP Meta SEO allows Stored XSS. This issue affects WP Meta SEO: from n/a through 4.5.13. ...
2 days ago
CVE-2024-44063 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Happyforms allows Stored XSS. This issue affects Happyforms: from n/a through 1.26.0. ...
2 days ago
CVE-2024-44062 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS. This issue affects Custom Field Template: from n/a through 2.6.5. ...
2 days ago
CVE-2024-8754 - An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows attacker to squat on accounts via linking arbitrary unclaimed ...
3 days ago
CVE-2024-8640 - An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected ...
3 days ago
CVE-2024-8762 - A vulnerability was found in code-projects Crud Operation System 1.0. It has been classified as critical. This affects an unknown part of the file /updatedata.php. The manipulation of the argument sid leads to sql injection. It is possible to ...
3 days ago
CVE-2024-44094 - In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ...
1 day ago
CVE-2022-3459 - The WooCommerce Multiple Free Gift plugin for WordPress is vulnerable to gift manipulation in all versions up to, and including, 1.2.3. This is due to plugin not enforcing server-side checks on the products that can be added as a gift. This makes it ...
3 days ago
CVE-2024-45457 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS. This issue affects Spiffy Calendar: from n/a through 4.9.13. ...
2 days ago
CVE-2024-8124 - An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.1.7, starting from 17.2 prior to 17.2.5, starting from 17.3 prior to 17.3.2 which could cause Denial of Service via sending a specific POST request. ...
12 hours ago
CVE-2024-4612 - An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the ...
3 days ago
CVE-2024-39926 - An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site scripting (XSS) or, due to the default CSP, HTML injection vulnerability has been discovered in the admin dashboard. This potentially allows an authenticated ...
3 days ago
CVE-2024-44095 - In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ...
1 day ago
CVE-2024-8866 - A vulnerability was found in AutoCMS 5.4. It has been classified as problematic. This affects an unknown part of the file /admin/robot.php. The manipulation of the argument sidebar leads to cross site scripting. It is possible to initiate the attack ...
2 days ago
CVE-2024-45458 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS. This issue affects Spiffy Calendar: from n/a through 4.9.13. ...
2 days ago
CVE-2024-45459 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Product Slider for WooCommerce allows Reflected XSS. This issue affects Product Slider for WooCommerce: from n/a through ...
2 days ago
CVE-2024-44059 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MediaRon LLC Custom Query Blocks allows Stored XSS. This issue affects Custom Query Blocks: from n/a through 5.3.1. ...
2 days ago
CVE-2024-8869 - A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack remotely. The complexity of an attack is rather ...
2 days ago
CVE-2024-8724 - The Waitlist Woocommerce ( Back in stock notifier ) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.5. This makes ...
3 days ago
CVE-2024-44057 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Nirvana allows Stored XSS. This issue affects Nirvana: from n/a through 1.6.3. ...
2 days ago
CVE-2024-8631 - A privilege escalation issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. A user assigned the Admin Group Member custom role could have escalated ...
3 days ago
CVE-2024-6389 - An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to ...
3 days ago
CVE-2024-8669 - The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter passed to the backuply_wp_clone_sql() function in all versions up to, and including, 1.3.4 due to insufficient ...
3 days ago
CVE-2024-8862 - A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument ...
3 days ago
CVE-2024-8863 - A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross ...
3 days ago
CVE-2024-8635 - A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal ...
3 days ago
CVE-2024-6446 - An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2. A crafted URL could be used to trick a victim to trust an attacker controlled application. ...
3 days ago
CVE-2024-2743 - An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables. ...
3 days ago
CVE-2024-46686 - In the Linux kernel, the following vulnerability has been resolved: ...
3 days ago
CVE-2024-45103 - A valid, authenticated LXCA user may be able to unmanage an LXCA managed device through the LXCA web interface without sufficient privileges. ...
3 days ago
CVE-2024-8864 - A vulnerability has been found in composiohq composio up to 0.5.6 and classified as critical. Affected by this vulnerability is the function Calculator of the file python/composio/tools/local/mathematical/actions/calculator.py. The manipulation leads ...
13 hours ago
CVE-2024-45101 - A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user’s XCC session if they can convince the user to click on a specially crafted URL. ...
3 days ago
CVE-2024-3100 - A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code. ...
3 days ago
CVE-2024-8479 - The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes ...
3 days ago
CVE-2024-6482 - The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on user-supplied data in the ...
3 days ago
CVE-2024-8271 - The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1. This is due to the software allowing users to execute an action that ...
3 days ago