Cyber trends overview
Latest Cyber News
LogoFAIL - LogoFAIL refers to a set of vulnerabilities found in the Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs). These vulnerabilities are present in image parsing libraries embedded into the firmware. ...
1 year ago
Vidar Infostealer - Vidar is an infostealer malware that was first discovered in the wild in late 2018. It operates as malware-as-a-service and runs on Windows. Vidar can collect a wide range of sensitive data from browsers and digital wallets. Additionally, it is used ...
1 year ago
23andMe - 23andMe is a revolutionary service that analyzes your DNA and provides insights into your health, ancestry, and traits. This saliva-based DNA service offers personalized reports on your ancestry, family history, traits, and more. With one of the ...
1 year ago
Kimsuky - Kimsuky, also known as Velvet Chollima and Black Banshee, is a North Korean state-backed hacker group. The group has been active since at least 2012 and initially focused on targeting South Korean government entities, think tanks, and individuals ...
1 year ago
Okta - Okta is an enterprise-grade, identity management service that connects any person with any application on any device. It’s built for the cloud, but is also compatible with many on-premises applications. With Okta, IT can manage any employee’s ...
1 year ago
Gh0st rat - Gh0st RAT is a Trojan horse for the Windows platform. The “RAT” part of the name refers to the software’s ability to operate as a "Remote Administration Tool". It is a cyber spying computer program used to control infected Windows computers ...
1 year ago
Trending Cyber News (last 7 days)
CVE-2024-31891 - IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 contains a local privilege escalation vulnerability. A malicious actor with command line access to the 'scalemgmt' user can elevate privileges to gain root access to the host ...
6 days ago Tenable.com
CVE-2024-11721 - The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. ...
1 week ago Tenable.com
CVE-2024-11720 - The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via submission forms in all versions up to, and including, 3.24.5 due to insufficient input sanitization and output escaping on the new Taxonomy form. ...
1 week ago Tenable.com
CVE-2024-11715 - The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the assignUserRole() function in all versions up to, and including, ...
1 week ago Tenable.com
CVE-2024-11714 - The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'ff' parameter of the getFieldsForVisibleCombobox() function in all versions up to, and including, 2.2.2 ...
1 week ago Tenable.com
CVE-2024-11712 - The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getResumeFileDownloadById() function in all versions up ...
1 week ago Tenable.com
CVE-2024-10690 - The Shortcodes for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.4 via the 'SHORTCODE_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it ...
1 week ago Tenable.com
CVE-2024-10646 - The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form's subject parameter in all versions up to, and including, 5.2.6 due to ...
1 week ago Tenable.com
CVE-2024-11713 - The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'page_id' parameter of the wpjobportal_deactivate() function in all versions up to, and including, 2.2.2 ...
1 week ago Tenable.com
CVE-2024-12446 - The Post to Pdf plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gmptp_single_post' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied ...
1 week ago Tenable.com
CVE-2024-12422 - The Import Eventbrite Events plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible ...
1 week ago Tenable.com
CVE-2024-7701 - Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing. This issue affects percona-toolkit: 3.6.0. ...
6 days ago Tenable.com
CVE-2024-56074 - gitingest before 9996a06 mishandles symbolic links that point outside of the base directory. ...
6 days ago Tenable.com
CVE-2024-55969 - DocIO in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 throws XMLException during the resaving of a DOCX document with an external reference XML, aka I640714. ...
6 days ago Tenable.com
CVE-2024-49576 - A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption ...
2 days ago Tenable.com
CVE-2024-12628 - The bodi0`s Easy cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cache-folder' parameter in all versions up to, and including, 0.8 due to insufficient input sanitization and output escaping. This makes it possible for ...
1 week ago Tenable.com
CVE-2024-11711 - The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'resumeid' parameter in all versions up to, and including, 2.2.1 due to insufficient escaping on the user ...
1 week ago Tenable.com
CVE-2024-12459 - The Ganohrs Toggle Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggle' shortcode in all versions up to, and including, 0.2.4 due to insufficient input sanitization and output escaping on user supplied ...
1 week ago Tenable.com
CVE-2024-12578 - The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickera_tickets_info' endpoint. This makes it possible for unauthenticated attackers to ...
1 week ago Tenable.com
CVE-2024-11858 - A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shell commands during command parsing, leading to ...
5 days ago Tenable.com
CVE-2024-56082 - ChatBar.tsx in Lumos before 1.0.17 parses raw HTML in Markdown because the markdown-to-jsx package is used without disableParsingRawHTML set to true. ...
6 days ago Tenable.com
CVE-2024-56072 - An issue was discovered in FastNetMon Community Edition through 1.2.7. The sFlow v5 plugin allows remote attackers to cause a denial of service (application crash) via a crafted packet that specifies many sFlow samples. ...
6 days ago Tenable.com
CVE-2024-47119 - IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. ...
2 days ago Tenable.com
CVE-2024-12372 - A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially ...
2 days ago Tenable.com
CVE-2024-31892 - IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements. ...
6 days ago Tenable.com
CVE-2023-50956 - IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text. ...
2 days ago Tenable.com
CVE-2024-56010 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lannoy / PerfOps One Device Detector allows Reflected XSS. This issue affects Device Detector: from n/a through 4.2.0. ...
2 days ago Tenable.com
CVE-2024-56073 - An issue was discovered in FastNetMon Community Edition through 1.2.7. Zero-length templates for Netflow v9 allow remote attackers to cause a denial of service (divide-by-zero error and application crash). ...
6 days ago Tenable.com
CVE-2024-12646 - The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, ...
5 days ago Tenable.com
CVE-2024-12373 - A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service. ...
2 days ago Tenable.com
CVE-2024-38864 - Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and ...
1 day ago Tenable.com
CVE-2024-12787 - A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /student/check_student_login.php. The manipulation of the ...
1 day ago Tenable.com
CVE-2024-11710 - The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'fieldfor', 'visibleParent' and 'id' parameters in all versions up to, and including, 2.2.2 due to ...
1 week ago Tenable.com
CVE-2024-12501 - The Simple Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This ...
1 week ago Tenable.com
CVE-2024-12474 - The GeoDataSource Country Region DropDown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gds-country-dropdown' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and ...
1 week ago Tenable.com
CVE-2024-11752 - The Eveeno plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eveeno' shortcode in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This ...
1 week ago Tenable.com
CVE-2024-55970 - File Manager in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 has a traversal issue that is related to the request parameter, aka I644734. ...
6 days ago Tenable.com
CVE-2024-9678 - An SQL Injection vulnerability existed in DLP Extension 11.11.1.3. The vulnerability allowed an attacker to perform arbitrary SQL queries potentially leading to command execution. ...
5 days ago Tenable.com
CVE-2024-12644 - The tbm-client from Chunghwa Telecom has an Arbitrary File vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated ...
5 days ago Tenable.com
CVE-2024-5333 - The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events. ...
5 days ago Tenable.com
CVE-2024-12127 - The Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 0.0.21 due to ...
4 days ago Tenable.com
CVE-2024-48889 - An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager version 7.6.0, version 7.4.4 and below, version 7.2.7 and below, version 7.0.12 and below, version 6.4.14 and below ...
2 days ago Tenable.com
CVE-2024-56059 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Mighty Digital Partners allows Object Injection. This issue affects Partners: from n/a through 0.2.0. ...
2 days ago Tenable.com
CVE-2024-56058 - Deserialization of Untrusted Data vulnerability in Gueststream VRPConnector allows Object Injection. This issue affects VRPConnector: from n/a through 2.0.1. ...
2 days ago Tenable.com
CVE-2024-56008 - Missing Authorization vulnerability in spreadr Spreadr Woocommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Spreadr Woocommerce: from n/a through 1.0.4. ...
2 days ago Tenable.com
CVE-2024-55985 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ydesignservices YDS Support Ticket System allows SQL Injection. This issue affects YDS Support Ticket System: from n/a through 1.0. ...
2 days ago Tenable.com
CVE-2024-9154 - A code injection vulnerability in HMS Networks Ewon Flexy 205 allows executing commands on system level on the device. This issue affects Ewon Flexy 205: through 14.8s0 (#2633). ...
1 day ago Tenable.com
CVE-2024-12362 - A vulnerability was found in InvoicePlane up to 1.6.1. It has been classified as problematic. This affects the function download of the file invoices.php. The manipulation of the argument invoice leads to path traversal. It is possible to initiate ...
5 days ago Tenable.com