Latest Cyber News

LogoFAIL - LogoFAIL refers to a set of vulnerabilities found in the Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs). These vulnerabilities are present in image parsing libraries embedded into the firmware. ...
6 months ago
Vidar Infostealer - Vidar is an infostealer malware that was first discovered in the wild in late 2018. It operates as malware-as-a-service and runs on Windows. Vidar can collect a wide range of sensitive data from browsers and digital wallets. Additionally, it is used ...
6 months ago
23andMe - 23andMe is a revolutionary service that analyzes your DNA and provides insights into your health, ancestry, and traits. This saliva-based DNA service offers personalized reports on your ancestry, family history, traits, and more. With one of the ...
6 months ago
Kimsuky - Kimsuky, also known as Velvet Chollima and Black Banshee, is a North Korean state-backed hacker group. The group has been active since at least 2012 and initially focused on targeting South Korean government entities, think tanks, and individuals ...
6 months ago
Okta - Okta is an enterprise-grade, identity management service that connects any person with any application on any device. It’s built for the cloud, but is also compatible with many on-premises applications. With Okta, IT can manage any employee’s ...
6 months ago
Gh0st rat - Gh0st RAT is a Trojan horse for the Windows platform. The “RAT” part of the name refers to the software’s ability to operate as a "Remote Administration Tool". It is a cyber spying computer program used to control infected Windows computers ...
6 months ago

Trending Cyber News (last 7 days)

CVE-2024-35325 - A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free. ...
1 day ago
CVE-2024-24704 - Missing Authorization vulnerability in AddonMaster Load More Anything.This issue affects Load More Anything: from n/a through 3.3.3. ...
3 days ago Tenable.com
CVE-2024-38279 - The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes. ...
1 day ago
CVE-2024-5692 - On Windows, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected ...
3 days ago Tenable.com
CVE-2024-5584 - The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and ...
3 days ago Tenable.com
CVE-2024-36827 - An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input. ...
6 days ago
CVE-2024-3133 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. ...
6 days ago
CVE-2024-35692 - Missing Authorization vulnerability in Termly Cookie Consent.This issue affects Cookie Consent: from n/a through 3.2. ...
3 days ago Tenable.com
CVE-2024-32703 - Missing Authorization vulnerability in reputeinfosystems ARForms.This issue affects ARForms: from n/a through 6.4. ...
4 days ago Tenable.com
CVE-2024-37307 - Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of `cilium-bugtool` can contain sensitive data when the tool is run ...
1 day ago
CVE-2024-32715 - Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import.This issue affects Olive One Click Demo Import: from n/a through 1.1.1. ...
5 days ago Tenable.com
CVE-2024-35303 - A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0012), Tecnomatix Plant Simulation V2404 (All versions < V2404.0001). The affected applications contain a type confusion vulnerability while parsing ...
3 days ago Tenable.com
CVE-2024-5699 - In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the ...
3 days ago Tenable.com
CVE-2024-5694 - An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox < 127. ...
3 days ago Tenable.com
CVE-2024-35748 - Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.This issue affects WooCommerce Dropshipping: from n/a through 5.0.4. ...
4 days ago Tenable.com
CVE-2024-5693 - Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12. ...
3 days ago Tenable.com
CVE-2024-23595 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. ...
6 days ago
CVE-2024-35661 - Missing Authorization vulnerability in SoftLab Upload Fields for WPForms.This issue affects Upload Fields for WPForms: from n/a through 1.0.2. ...
4 days ago Tenable.com
CVE-2024-32714 - Missing Authorization vulnerability in Academy LMS academy.This issue affects Academy LMS: from n/a through 1.9.16. ...
5 days ago Tenable.com
CVE-2023-47845 - Cross-Site Request Forgery (CSRF) vulnerability in Lim Kai Yang Grab & Save.This issue affects Grab & Save: from n/a through 1.0.4. ...
2 days ago Tenable.com
CVE-2024-2461 - If exploited an attacker could traverse the file system to access files or directories that would otherwise be inaccessible ...
3 days ago Tenable.com
CVE-2024-5745 - A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/product/controller.php?actionadd. The manipulation of the argument image leads ...
6 days ago
CVE-2023-6997 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. ...
6 days ago
CVE-2024-5761 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: [CVE-2024-5260]. Reason: This candidate is a reservation duplicate of [CVE-2024-5260]. Notes: All CVE users should reference [CVE-ID] instead of this candidate. All ...
6 days ago
CVE-2024-33561 - Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8. ...
5 days ago
CVE-2024-32704 - Missing Authorization vulnerability in reputeinfosystems ARForms.This issue affects ARForms: from n/a through 6.4. ...
4 days ago Tenable.com
CVE-2024-21751 - Missing Authorization vulnerability in RabbitLoader.This issue affects RabbitLoader: from n/a through 2.19.13. ...
4 days ago Tenable.com
CVE-2024-2092 - The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied ...
2 days ago Tenable.com
CVE-2024-32811 - Insertion of Sensitive Information into Log File vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates.This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.4. ...
5 days ago
CVE-2024-2462 - Allow attackers to intercept or falsify data exchanges between the client and the server ...
3 days ago Tenable.com
CVE-2024-35669 - Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1. ...
5 days ago
CVE-2024-28833 - Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms. ...
4 days ago Tenable.com
CVE-2024-35741 - Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.7. ...
4 days ago Tenable.com
CVE-2024-35735 - Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.11. ...
4 days ago Tenable.com
CVE-2024-35721 - Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through 1.4.5. ...
4 days ago Tenable.com
CVE-2024-5698 - By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 127. ...
3 days ago Tenable.com
CVE-2024-35292 - A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC ...
3 days ago Tenable.com
CVE-2023-47828 - Missing Authorization vulnerability in Mandrill wpMandrill.This issue affects wpMandrill: from n/a through 1.33. ...
2 days ago Tenable.com
CVE-2023-49224 - Precor touchscreen console P62, P80, and P82 contains a default SSH public key in the authorized_keys file. A remote attacker could use this key to gain root privileges. ...
6 days ago
CVE-2024-32787 - Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking.This issue affects Secure Copy Content Protection and Content Locking: from n/a through 3.7.1. ...
5 days ago
CVE-2024-34802 - Missing Authorization vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt.This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5. ...
4 days ago Tenable.com
CVE-2024-5697 - A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox < 127. ...
3 days ago Tenable.com
CVE-2024-5695 - If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox < ...
3 days ago Tenable.com
CVE-2023-51413 - Missing Authorization vulnerability in Piotnet Forms.This issue affects Piotnet Forms: from n/a through 1.0.29. ...
2 days ago Tenable.com
CVE-2024-1694 - Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: High) ...
6 days ago
CVE-2024-32783 - Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through 3.0.0. ...
5 days ago
CVE-2024-32798 - Missing Authorization vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.8.0. ...
5 days ago
CVE-2024-32813 - Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.9. ...
5 days ago
CVE-2024-5056 - CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem. ...
2 days ago Tenable.com
CVE-2024-5674 - The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscribers management due to PHP type juggling issue on the check_api_key function in all versions up to, and including, 2.4.5. This makes it possible for ...
2 days ago Tenable.com