CVE-2024-5570

The Simple Photoswipe WordPress plugin through 0.1 does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them

Publication date: Fri, 28 Jun 2024 06:15:00 +0000

Cyber News related to CVE-2024-5570

CVE-2021-22681 - Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix ...
2 years ago

Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
3 months ago Cisa.gov

Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
3 months ago Cisa.gov

CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
2 weeks ago Tenable.com

The Top 24 Security Predictions for 2024 - Welcome to the second installment of this comprehensive annual look at global cybersecurity industry predictions from the top security industry vendors, technology magazines, expert thought leaders and many more. Last week, in part one of The Top 24 ...
6 months ago Securityboulevard.com

Securing Gold: Assessing Cyber Threats on Paris 2024 - The next Olympic Games hosted in Paris will take place from 26 July to 11 August 2024, while the Paralympic Games will be carried out from 28 August to 8 September 2024. Paris 2024 estimated the number of spectators for the next edition to be 9,7 ...
5 months ago Blog.sekoia.io

CVE-2024-5570 - The Simple Photoswipe WordPress plugin through 0.1 does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them ...
2 days ago

CVE-2015-5584 - Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler ...
7 years ago

CVE-2015-6682 - Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler ...
7 years ago

CVE-2015-5574 - Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler ...
6 years ago

CVE-2015-5581 - Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler ...
7 years ago

CVE-2015-5570 - Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler ...
7 years ago

CVE-2014-5570 - The DailyFinance - Stocks & News (aka com.aol.mobile.dailyFinance) application 2.0.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via ...
9 years ago

CVE-2017-5570 - An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data ...
7 years ago

CVE-2016-5570 - Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.2.3 through 12.2.6 allows remote administrators to affect confidentiality and integrity via vectors related to AD Utilities. ...
6 years ago

CVE-2013-5570 - Cross-site scripting (XSS) vulnerability in the Javascript and CSS Optimizer extension before 1.1.14 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. ...
6 years ago

CVE-2008-5570 - Directory traversal vulnerability in index.php in PHP Multiple Newsletters 2.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. ...
6 years ago

CVE-2018-9966 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious ...
5 years ago

CVE-2006-5570 - Directory traversal vulnerability in /scripts/cruise/cws.exe in CruiseWorks 1.09c and 1.09d allows remote attackers to read arbitrary files via a .. (dot dot) in the doc parameter. ...
5 years ago

CVE-2007-5570 - Cisco Firewall Services Module (FWSM) 3.2(1), and 3.1(5) and earlier, allows remote attackers to cause a denial of service (device reload) via a crafted HTTPS request, aka CSCsi77844. ...
4 years ago

CVE-2012-5570 - The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with the "access basic_webmail" permission to read arbitrary users' email addresses. ...
4 years ago

CVE-2020-5570 - Cross-site scripting vulnerability in Sales Force Assistant version 11.2.48 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. ...
4 years ago

CVE-2021-20679 - Fuji Xerox multifunction devices and printers (DocuCentre-VII C7773/C6673/C5573/C4473/C3373/C3372/C2273, DocuCentre-VII C7788/C6688/C5588, ApeosPort-VII C7773/C6673/C5573/C4473/C3373/C3372 C2273, ApeosPort-VII C7788/C6688/C5588, ApeosPort ...
3 years ago

CVE-2020-6998 - The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to ...
1 year ago

CVE-2023-34725 - An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via a telnet connection. ...
9 months ago

Latest Cyber News

CVE-2024-38525 - 1 hour ago
CVE-2024-33602 - 3 hours ago
CVE-2024-33601 - 3 hours ago
CVE-2024-33600 - 3 hours ago
CVE-2024-33599 - 3 hours ago
CVE-2024-38441 - 6 hours ago
CVE-2024-38440 - 6 hours ago
CVE-2024-38439 - 6 hours ago
CVE-2024-5642 - 7 hours ago
Staying Ahead of Adversarial AI with Incident Response Automation - 12 hours ago
CVE-2024-6415 - 14 hours ago
Google Chrome to Block Entrust SSL Certificates Starting November - 15 hours ago
CVE-2024-6414 - 15 hours ago
CVE-2024-39828 - 16 hours ago
CVE-2024-5926 - 17 hours ago
CVE-2024-39848 - 20 hours ago
CVE-2024-39846 - 21 hours ago
TechCrunch is part of the Yahoo family of brands - 22 hours ago
Infosys McCamish Systems data breach impacted over 6M people - 22 hours ago
CVE-2023-46858 - 22 hours ago

Cyber Trends (last 7 days)

Okta - 6 months ago
23andMe - 6 months ago
Kimsuky - 6 months ago
LogoFAIL - 6 months ago
Gh0st rat - 6 months ago

Trending Cyber News (last 7 days)

How Data Inference Could Expose Customer Information: The Case of UnitedHealth Breach - 1 day ago
How Data Inference Could Expose Customer Information: The Case of UnitedHealth Breach - 1 day ago
How Data Inference Could Expose Customer Information: The Case of UnitedHealth Breach - 1 day ago
How Data Inference Could Expose Customer Information: The Case of UnitedHealth Breach - 1 day ago
How Data Inference Could Expose Customer Information: The Case of UnitedHealth Breach - 1 day ago
How Data Inference Could Expose Customer Information: The Case of UnitedHealth Breach - 1 day ago
How Data Inference Could Expose Customer Information: The Case of UnitedHealth Breach - 1 day ago
CVE-2024-5926 - 17 hours ago
CVE-2024-6414 - 15 hours ago
CVE-2024-6415 - 14 hours ago
How Data Inference Could Expose Customer Information: The Case of UnitedHealth Breach - 1 day ago
Staying Ahead of Adversarial AI with Incident Response Automation - 12 hours ago
How Data Inference Could Expose Customer Information: The Case of UnitedHealth Breach - 1 day ago
How Data Inference Could Expose Customer Information: The Case of UnitedHealth Breach - 1 day ago
How Data Inference Could Expose Customer Information: The Case of UnitedHealth Breach - 1 day ago
How Data Inference Could Expose Customer Information: The Case of UnitedHealth Breach - 1 day ago
How Data Inference Could Expose Customer Information: The Case of UnitedHealth Breach - 1 day ago
How Data Inference Could Expose Customer Information: The Case of UnitedHealth Breach - 1 day ago
How Data Inference Could Expose Customer Information: The Case of UnitedHealth Breach - 1 day ago
How Data Inference Could Expose Customer Information: The Case of UnitedHealth Breach - 1 day ago