Latest Cyber News

admin@338 - admin@338 is a China-based cyber threat group. It has previously used newsworthy events as lures to deliver malware and has primarily targeted organizations involved in financial, economic, and trade policy, typically using publicly available RATs ...
6 months ago Attack.mitre.org
Ajax Security Team - Ajax Security Team is a group that has been active since at least 2010 and believed to be operating out of Iran. By 2014 Ajax Security Team transitioned from website defacement operations to malware-based cyber espionage campaigns targeting the US ...
6 months ago Attack.mitre.org
ALLANITE - ALLANITE is a suspected Russian cyber espionage group that has primarily targeted the electric utility sector within the United States and United Kingdom. The group's tactics and techniques are reportedly similar to Dragonfly, although ALLANITEs ...
6 months ago Attack.mitre.org
Andariel - Andariel is a North Korean state-sponsored threat group that has been active since at least 2009. Andariel has primarily focused its operations--which have included destructive attacks--against South Korean government agencies, military ...
6 months ago Attack.mitre.org
Aoqin Dragon - Aoqin Dragon is a suspected Chinese cyber espionage threat group that has been active since at least 2013. Aoqin Dragon has primarily targeted government, education, and telecommunication organizations in Australia, Cambodia, Hong Kong, Singapore, ...
6 months ago Attack.mitre.org
APT-C-36 - APT-C-36 is a suspected South American espionage group that has been active since at least 2018. The group mainly targets Colombian government institutions as well as important corporations in the financial sector, petroleum industry, and professional ...
6 months ago Attack.mitre.org
APT1 - APT1 is a Chinese threat group that has been attributed to the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, commonly known by its Military Unit Cover Designator (MUCD) as Unit 61398. ...
6 months ago Attack.mitre.org
APT12 - APT12 is a threat group that has been attributed to China. The group has targeted a variety of victims including but not limited to media outlets, high-tech companies, and multiple governments. ...
6 months ago Attack.mitre.org
APT16 - APT16 is a China-based threat group that has launched spearphishing campaigns targeting Japanese and Taiwanese organizations. ...
6 months ago Attack.mitre.org
APT17 - APT17 is a China-based threat group that has conducted network intrusions against U.S. government entities, the defense industry, law firms, information technology companies, mining companies, and non-government organizations. ...
6 months ago Attack.mitre.org
APT18 - APT18 is a threat group that has operated since at least 2009 and has targeted a range of industries, including technology, manufacturing, human rights groups, government, and medical. ...
6 months ago Attack.mitre.org
APT19 - APT19 is a Chinese-based threat group that has targeted a variety of industries, including defense, finance, energy, pharmaceutical, telecommunications, high tech, education, manufacturing, and legal services. In 2017, a phishing campaign was used to ...
6 months ago Attack.mitre.org
APT28 - APT28 is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165. This group has been active since at least 2004. APT28 reportedly compromised ...
6 months ago Attack.mitre.org
APT29 - APT29 is a threat group that has been attributed to Russia's Foreign Intelligence Service (SVR). They have operated since at least 2008, often targeting government networks in Europe and NATO member countries, research institutes, and think tanks. ...
6 months ago Attack.mitre.org
APT3 - APT3 is a China-based threat group that researchers have attributed to China's Ministry of State Security. This group is responsible for the campaigns known as Operation Clandestine Fox, Operation Clandestine Wolf, and Operation Double Tap. As of ...
6 months ago Attack.mitre.org
APT30 - APT30 is a threat group suspected to be associated with the Chinese government. While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches. ...
6 months ago Attack.mitre.org
APT32 - APT32 is a suspected Vietnam-based threat group that has been active since at least 2014. The group has targeted multiple private sector industries as well as foreign governments, dissidents, and journalists with a strong focus on Southeast Asian ...
6 months ago Attack.mitre.org
APT33 - APT33 is a suspected Iranian threat group that has carried out operations since at least 2013. The group has targeted organizations across multiple industries in the United States, Saudi Arabia, and South Korea, with a particular interest in the ...
6 months ago Attack.mitre.org
APT37 - APT37 is a North Korean state-sponsored cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also in Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and other parts ...
6 months ago Attack.mitre.org
APT38 - APT38 is a North Korean state-sponsored threat group that specializes in financial cyber operations; it has been attributed to the Reconnaissance General Bureau. Active since at least 2014, APT38 has targeted banks, financial institutions, casinos, ...
6 months ago Attack.mitre.org
APT39 - APT39 is one of several names for cyber espionage activity conducted by the Iranian Ministry of Intelligence and Security (MOIS) through the front company Rana Intelligence Computing since at least 2014. APT39 has primarily targeted the travel, ...
6 months ago Attack.mitre.org
APT41 - APT41 is a threat group that researchers have assessed as a Chinese state-sponsored espionage group that also conducts financially-motivated operations. Active since at least 2012, APT41 has been observed targeting healthcare, telecom, technology, and ...
6 months ago Attack.mitre.org
Aquatic Panda - Aquatic Panda is a suspected China-based threat group with a dual mission of intelligence collection and industrial espionage. Active since at least May 2020, Aquatic Panda has primarily targeted entities in the telecommunications, technology, and ...
6 months ago Attack.mitre.org
Axiom - Axiom is a suspected Chinese cyber espionage group that has targeted the aerospace, defense, government, manufacturing, and media sectors since at least 2008. Some reporting suggests a degree of overlap between Axiom and Winnti Group but the two ...
6 months ago Attack.mitre.org
BackdoorDiplomacy - BackdoorDiplomacy is a cyber espionage threat group that has been active since at least 2017. BackdoorDiplomacy has targeted Ministries of Foreign Affairs and telecommunication companies in Africa, Europe, the Middle East, and Asia. ...
6 months ago Attack.mitre.org
BITTER - BITTER is a suspected South Asian cyber espionage threat group that has been active since at least 2013. BITTER has primarily targeted government, energy, and engineering organizations in Pakistan, China, Bangladesh, and Saudi Arabia. ...
6 months ago Attack.mitre.org
BlackOasis - BlackOasis is a Middle Eastern threat group that is believed to be a customer of Gamma Group. The group has shown interest in prominent figures in the United Nations, as well as opposition bloggers, activists, regional news correspondents, and think ...
6 months ago Attack.mitre.org
BlackTech - BlackTech is a suspected Chinese cyber espionage group that has primarily targeted organizations in East Asia--particularly Taiwan, Japan, and Hong Kong--and the US since at least 2013. BlackTech has used a combination of custom malware, dual-use ...
6 months ago Attack.mitre.org
Blue Mockingbird - Blue Mockingbird is a cluster of observed activity involving Monero cryptocurrency-mining payloads in dynamic-link library (DLL) form on Windows systems. The earliest observed Blue Mockingbird tools were created in December 2019. ...
6 months ago Attack.mitre.org
Bouncing Golf - Bouncing Golf is a cyberespionage campaign targeting Middle Eastern countries. ...
6 months ago Attack.mitre.org
BRONZE BUTLER - BRONZE BUTLER is a cyber espionage group with likely Chinese origins that has been active since at least 2008. The group primarily targets Japanese organizations, particularly those in government, biotechnology, electronics manufacturing, and ...
6 months ago Attack.mitre.org
Carbanak - Carbanak is a cybercriminal group that has used Carbanak malware to target financial institutions since at least 2013. Carbanak may be linked to groups tracked separately as Cobalt Group and FIN7 that have also used Carbanak malware. ...
6 months ago Attack.mitre.org
Chimera - Chimera is a suspected China-based threat group that has been active since at least 2018 targeting the semiconductor industry in Taiwan as well as data from the airline industry. ...
6 months ago Attack.mitre.org
Cleaver - Cleaver is a threat group that has been attributed to Iranian actors and is responsible for activity tracked as Operation Cleaver. Strong circumstantial evidence suggests Cleaver is linked to Threat Group 2889 (TG-2889). ...
6 months ago Attack.mitre.org
Cobalt Group - Cobalt Group is a financially motivated threat group that has primarily targeted financial institutions since at least 2016. The group has conducted intrusions to steal money via targeting ATM systems, card processing, payment systems and SWIFT ...
6 months ago Attack.mitre.org
Confucius - Confucius is a cyber espionage group that has primarily targeted military personnel, high-profile personalities, business persons, and government organizations in South Asia since at least 2013. Security researchers have noted similarities between ...
6 months ago Attack.mitre.org
CopyKittens - CopyKittens is an Iranian cyber espionage group that has been operating since at least 2013. It has targeted countries including Israel, Saudi Arabia, Turkey, the U.S., Jordan, and Germany. The group is responsible for the campaign known as Operation ...
6 months ago Attack.mitre.org
CURIUM - CURIUM is an Iranian threat group first reported in November 2021 that has invested in building a relationship with potential targets via social media over a period of months to establish trust and confidence before sending malware. Security ...
6 months ago Attack.mitre.org
Dark Caracal - Dark Caracal is a threat group that has been attributed to the Lebanese General Directorate of General Security (GDGS) and has operated since at least 2012. ...
6 months ago Attack.mitre.org
Darkhotel - Darkhotel is a suspected South Korean threat group that has targeted victims primarily in East Asia since at least 2004. The group's name is based on cyber espionage operations conducted via hotel Internet networks against traveling executives and ...
6 months ago Attack.mitre.org
DarkHydrus - DarkHydrus is a threat group that has targeted government agencies and educational institutions in the Middle East since at least 2016. The group heavily leverages open-source tools and custom payloads for carrying out attacks. ...
6 months ago Attack.mitre.org
DarkVishnya - DarkVishnya is a financially motivated threat actor targeting financial institutions in Eastern Europe. In 2017-2018 the group attacked at least 8 banks in this region. ...
6 months ago Attack.mitre.org
Deep Panda - Deep Panda is a suspected Chinese threat group known to target many industries, including government, defense, financial, and telecommunications. The intrusion into healthcare company Anthem has been attributed to Deep Panda. This group is also ...
6 months ago Attack.mitre.org
Dragonfly - Dragonfly is a cyber espionage group that has been attributed to Russia's Federal Security Service (FSB) Center 16. Active since at least 2010, Dragonfly has targeted defense and aviation companies, government entities, companies related to ...
6 months ago Attack.mitre.org
DragonOK - DragonOK is a threat group that has targeted Japanese organizations with phishing emails. Due to overlapping TTPs, including similar custom tools, DragonOK is thought to have a direct or indirect relationship with the threat group Moafee. It is ...
6 months ago Attack.mitre.org
Earth Lusca - Earth Lusca is a suspected China-based cyber espionage group that has been active since at least April 2019. Earth Lusca has targeted organizations in Australia, China, Hong Kong, Mongolia, Nepal, the Philippines, Taiwan, Thailand, Vietnam, the ...
6 months ago Attack.mitre.org
Elderwood - Elderwood is a suspected Chinese cyber espionage group that was reportedly responsible for the 2009 Google intrusion known as Operation Aurora. The group has targeted defense organizations, supply chain manufacturers, human rights and ...
6 months ago Attack.mitre.org
Ember Bear - Ember Bear is a suspected Russian state-sponsored cyber espionage group that has been active since at least March 2021. Ember Bear has primarily focused their operations against Ukraine and Georgia, but has also targeted Western European and North ...
6 months ago Attack.mitre.org
Equation - Equation is a sophisticated threat group that employs multiple remote access tools. The group is known to use zero-day exploits and has developed the capability to overwrite the firmware of hard disk drives. ...
6 months ago Attack.mitre.org
Evilnum - Evilnum is a financially motivated threat group that has been active since at least 2018. ...
6 months ago Attack.mitre.org
EXOTIC LILY - EXOTIC LILY is a financially motivated group that has been closely linked with Wizard Spider and the deployment of ransomware including Conti and Diavol. EXOTIC LILY may be acting as an initial access broker for other malicious actors, and has ...
6 months ago Attack.mitre.org
Ferocious Kitten - Ferocious Kitten is a threat group that has primarily targeted Persian-speaking individuals in Iran since at least 2015. ...
6 months ago Attack.mitre.org
FIN10 - FIN10 is a financially motivated threat group that has targeted organizations in North America since at least 2013 through 2016. The group uses stolen data exfiltrated from victims to extort organizations. ...
6 months ago Attack.mitre.org
FIN13 - FIN13 is a financially motivated cyber threat group that has targeted the financial, retail, and hospitality industries in Mexico and Latin America, as early as 2016. FIN13 achieves its objectives by stealing intellectual property, financial data, ...
6 months ago Attack.mitre.org
FIN4 - FIN4 is a financially-motivated threat group that has targeted confidential information related to the public financial market, particularly regarding healthcare and pharmaceutical companies, since at least 2013. FIN4 is unique in that they do not ...
6 months ago Attack.mitre.org
FIN5 - FIN5 is a financially motivated threat group that has targeted personally identifiable information and payment card information. The group has been active since at least 2008 and has targeted the restaurant, gaming, and hotel industries. The group is ...
6 months ago Attack.mitre.org
FIN6 - FIN6 is a cyber crime group that has stolen payment card data and sold it for profit on underground marketplaces. This group has aggressively targeted and compromised point of sale (PoS) systems in the hospitality and retail sectors. ...
6 months ago Attack.mitre.org
FIN7 - FIN7 is a financially-motivated threat group that has been active since 2013. FIN7 has primarily targeted the retail, restaurant, hospitality, software, consulting, financial services, medical equipment, cloud services, media, food and beverage, ...
6 months ago Attack.mitre.org
FIN8 - FIN8 is a financially motivated threat group that has been active since at least January 2016, and known for targeting organizations in the hospitality, retail, entertainment, insurance, technology, chemical, and financial sectors. In June 2021, ...
6 months ago Attack.mitre.org
Fox Kitten - Fox Kitten is a threat actor with a suspected nexus to the Iranian government that has been active since at least 2017 against entities in the Middle East, North Africa, Europe, Australia, and North America. Fox Kitten has targeted multiple industrial ...
6 months ago Attack.mitre.org
GALLIUM - GALLIUM is a cyberespionage group that has been active since at least 2012, primarily targeting telecommunications companies, financial institutions, and government entities in Afghanistan, Australia, Belgium, Cambodia, Malaysia, Mozambique, the ...
6 months ago Attack.mitre.org
Gallmaker - Gallmaker is a cyberespionage group that has targeted victims in the Middle East and has been active since at least December 2017. The group has mainly targeted victims in the defense, military, and government sectors. ...
6 months ago Attack.mitre.org
Gamaredon Group - Gamaredon Group is a suspected Russian cyber espionage threat group that has targeted military, NGO, judiciary, law enforcement, and non-profit organizations in Ukraine since at least 2013. The name Gamaredon Group comes from a misspelling of the ...
6 months ago Attack.mitre.org
GCMAN - GCMAN is a threat group that focuses on targeting banks for the purpose of transferring money to e-currency services. ...
6 months ago Attack.mitre.org
GOLD SOUTHFIELD - GOLD SOUTHFIELD is a financially motivated threat group active since at least 2018 that operates the REvil Ransomware-as-a-Service (RaaS). GOLD SOUTHFIELD provides backend infrastructure for affiliates recruited on underground forums to perpetrate ...
6 months ago Attack.mitre.org
Gorgon Group - Gorgon Group is a threat group consisting of members who are suspected to be Pakistan-based or have other connections to Pakistan. The group has performed a mix of criminal and targeted attacks, including campaigns against government organizations in ...
6 months ago Attack.mitre.org
Group5 - Group5 is a threat group with a suspected Iranian nexus, though this attribution is not definite. The group has targeted individuals connected to the Syrian opposition via spearphishing and watering holes, normally using Syrian and Iranian themes. ...
6 months ago Attack.mitre.org
HAFNIUM - HAFNIUM is a likely state-sponsored cyber espionage group operating out of China that has been active since at least January 2021. HAFNIUM primarily targets entities in the US across a number of industry sectors, including infectious disease ...
6 months ago Attack.mitre.org
HEXANE - HEXANE is a cyber espionage threat group that has targeted oil & gas, telecommunications, aviation, and internet service provider organizations since at least 2017. Targeted companies have been located in the Middle East and Africa, including ...
6 months ago Attack.mitre.org
Higaisa - Higaisa is a threat group suspected to have South Korean origins. Higaisa has targeted government, public, and trade organizations in North Korea; however, they have also carried out attacks in China, Japan, Russia, Poland, and other nations. Higaisa ...
6 months ago Attack.mitre.org
Inception - Inception is a cyber espionage group active since at least 2014. The group has targeted multiple industries and governmental entities primarily in Russia, but has also been active in the United States and throughout Europe, Asia, Africa, and the ...
6 months ago Attack.mitre.org
IndigoZebra - IndigoZebra is a suspected Chinese cyber espionage group that has been targeting Central Asian governments since at least 2014. ...
6 months ago Attack.mitre.org
Indrik Spider - Indrik Spider is a Russia-based cybercriminal group that has been active since at least 2014. Indrik Spider initially started with the Dridex banking Trojan, and then by 2017 they began running ransomware operations using BitPaymer, WastedLocker, and ...
6 months ago Attack.mitre.org
Ke3chang - Ke3chang is a threat group attributed to actors operating out of China. Ke3chang has targeted oil, government, diplomatic, military, and NGOs in Central and South America, the Caribbean, Europe, and North America since at least 2010. ...
6 months ago Attack.mitre.org
Kimsuky - Kimsuky is a North Korea-based cyber espionage group that has been active since at least 2012. The group initially focused on targeting South Korean government entities, think tanks, and individuals identified as experts in various fields, and ...
6 months ago Attack.mitre.org

Trending Cyber News (last 7 days)

CVE-2024-35325 - A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free. ...
1 day ago
CVE-2024-24704 - Missing Authorization vulnerability in AddonMaster Load More Anything. This issue affects Load More Anything: from n/a through 3.3.3. ...
3 days ago Tenable.com
CVE-2024-38279 - The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes. ...
1 day ago
CVE-2024-5692 - On Windows, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected ...
3 days ago Tenable.com
CVE-2024-5584 - The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and ...
3 days ago Tenable.com
CVE-2024-36827 - An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input. ...
6 days ago
CVE-2024-3133 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. ...
6 days ago
CVE-2024-35692 - Missing Authorization vulnerability in Termly Cookie Consent. This issue affects Cookie Consent: from n/a through 3.2. ...
3 days ago Tenable.com
CVE-2024-32703 - Missing Authorization vulnerability in reputeinfosystems ARForms. This issue affects ARForms: from n/a through 6.4. ...
5 days ago Tenable.com
CVE-2024-37307 - Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of `cilium-bugtool` can contain sensitive data when the tool is run ...
1 day ago
CVE-2024-32715 - Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import. This issue affects Olive One Click Demo Import: from n/a through 1.1.1. ...
5 days ago Tenable.com
CVE-2024-35303 - A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0012), Tecnomatix Plant Simulation V2404 (All versions < V2404.0001). The affected applications contain a type confusion vulnerability while parsing ...
3 days ago Tenable.com
CVE-2024-5699 - In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the ...
3 days ago Tenable.com
CVE-2024-5694 - An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox < 127. ...
3 days ago Tenable.com
CVE-2024-35748 - Missing Authorization vulnerability in OPMC WooCommerce Dropshipping. This issue affects WooCommerce Dropshipping: from n/a through 5.0.4. ...
4 days ago Tenable.com
CVE-2024-5693 - Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12. ...
3 days ago Tenable.com
CVE-2024-23595 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. ...
6 days ago
CVE-2024-35661 - Missing Authorization vulnerability in SoftLab Upload Fields for WPForms. This issue affects Upload Fields for WPForms: from n/a through 1.0.2. ...
4 days ago Tenable.com
CVE-2024-32714 - Missing Authorization vulnerability in Academy LMS academy. This issue affects Academy LMS: from n/a through 1.9.16. ...
5 days ago Tenable.com
CVE-2023-47845 - Cross-Site Request Forgery (CSRF) vulnerability in Lim Kai Yang Grab & Save. This issue affects Grab & Save: from n/a through 1.0.4. ...
2 days ago Tenable.com
CVE-2024-2461 - If exploited, an attacker could traverse the file system to access files or directories that would otherwise be inaccessible ...
3 days ago Tenable.com
CVE-2023-6997 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. ...
6 days ago
CVE-2024-5761 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: [CVE-2024-5260]. Reason: This candidate is a reservation duplicate of [CVE-2024-5260]. Notes: All CVE users should reference [CVE-ID] instead of this candidate. All ...
6 days ago
CVE-2024-33561 - Missing Authorization vulnerability in 8theme XStore. This issue affects XStore: from n/a through 9.3.8. ...
5 days ago
CVE-2024-32704 - Missing Authorization vulnerability in reputeinfosystems ARForms. This issue affects ARForms: from n/a through 6.4. ...
5 days ago Tenable.com
CVE-2024-21751 - Missing Authorization vulnerability in RabbitLoader. This issue affects RabbitLoader: from n/a through 2.19.13. ...
4 days ago Tenable.com
CVE-2024-2092 - The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied ...
2 days ago Tenable.com
CVE-2024-32811 - Insertion of Sensitive Information into Log File vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates. This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.4. ...
5 days ago
CVE-2024-2462 - Allow attackers to intercept or falsify data exchanges between the client and the server ...
3 days ago Tenable.com
CVE-2024-35669 - Missing Authorization vulnerability in Bowo Debug Log Manager. This issue affects Debug Log Manager: from n/a through 2.3.1. ...
5 days ago
CVE-2024-28833 - Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms. ...
4 days ago Tenable.com
CVE-2024-35741 - Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through 6.1.7. ...
4 days ago Tenable.com
CVE-2024-35735 - Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form. This issue affects WP Time Slots Booking Form: from n/a through 1.2.11. ...
4 days ago Tenable.com
CVE-2024-35721 - Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery. This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through 1.4.5. ...
4 days ago Tenable.com
CVE-2024-5698 - By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 127. ...
3 days ago Tenable.com
CVE-2024-35292 - A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC ...
3 days ago Tenable.com
CVE-2023-47828 - Missing Authorization vulnerability in Mandrill wpMandrill. This issue affects wpMandrill: from n/a through 1.33. ...
2 days ago Tenable.com
CVE-2023-49224 - Precor touchscreen console P62, P80, and P82 contains a default SSH public key in the authorized_keys file. A remote attacker could use this key to gain root privileges. ...
6 days ago
CVE-2024-32787 - Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking. This issue affects Secure Copy Content Protection and Content Locking: from n/a through 3.7.1. ...
5 days ago
CVE-2024-34802 - Missing Authorization vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt. This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5. ...
4 days ago Tenable.com
CVE-2024-5697 - A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox < 127. ...
3 days ago Tenable.com
CVE-2024-5695 - If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox < ...
3 days ago Tenable.com
CVE-2023-51413 - Missing Authorization vulnerability in Piotnet Forms. This issue affects Piotnet Forms: from n/a through 1.0.29. ...
2 days ago Tenable.com
CVE-2024-1694 - Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: High) ...
6 days ago
CVE-2024-32783 - Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor. This issue affects Advanced Testimonial Carousel for Elementor: from n/a through 3.0.0. ...
5 days ago
CVE-2024-32798 - Missing Authorization vulnerability in WP Travel Engine. This issue affects WP Travel Engine: from n/a through 5.8.0. ...
5 days ago
CVE-2024-32813 - Missing Authorization vulnerability in SoftLab Integrate Google Drive. This issue affects Integrate Google Drive: from n/a through 1.3.9. ...
5 days ago
CVE-2024-5056 - CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem. ...
2 days ago Tenable.com
CVE-2024-5674 - The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscribers management due to PHP type juggling issue on the check_api_key function in all versions up to, and including, 2.4.5. This makes it possible for ...
2 days ago Tenable.com
CVE-2024-31350 - Missing Authorization vulnerability in AWP Classifieds Team AWP Classifieds. This issue affects AWP Classifieds: from n/a through 4.3.1. ...
5 days ago Tenable.com