Latest Cyber News

SQL Injection Vulnerability Patched in Tutor LMS WordPress Plugin - On February 15th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an authenticated SQL Injection vulnerability in Tutor LMS, a WordPress plugin with more than 80,000+ active installations. Props to Muhammad Hassham ...
1 week ago Wordfence.com
How to manage third-party risk in the cloud - The increasing levels of access and integration within cloud environments create risks and potential new avenues of compromise for cloud customers. Organizations can hope their cloud service providers are secure, but that's not always the case. It's ...
1 week ago Techtarget.com
Building Data Center Infrastructure for the AI Revolution - This is part two of a multi-part blog series on AI. Part one, Why 2024 is the Year of AI for Networking, discussed Cisco's AI networking vision and strategy. This blog will focus on evolving data center network infrastructure for supporting AI/ML ...
1 week ago Feedpress.me
Update delays to NIST vulnerability database alarms researchers - Vital data used to protect against cyberattacks is missing from more than 2,000 of the latest entries in the world's most widely used vulnerability database. A significant number of new CVEs added to the National Vulnerability Database in recent ...
1 week ago Packetstormsecurity.com
Nations Direct Mortgage Data Breach Impacts 83,000 Individuals - Nations Direct Mortgage has started informing more than 83,000 individuals that their personal information was compromised in a December 2023 data breach. The incident, the lender says in a notification, was identified on December 30 and resulted in ...
1 week ago Packetstormsecurity.com
Apex Legends esports final delayed by hack claims - Apex Legends is a battle royale-style online multiplayer game launched as a competitor to Fortnite. The North American esports final of online shooter Apex Legends has been postponed following claims of hacking. Clips shared by players show unwanted ...
1 week ago Packetstormsecurity.com
Airbus Pulls Out of Deal to Buy Atos Cybersecurity Unit - Atos shares tanked on Tuesday after the IT company announced that Airbus has decided not to move forward with discussions related to the acquisition of Atos' cybersecurity business. Atos announced the possible sale of its Big Data and Security ...
1 week ago Securityweek.com
Ordr launches OrdrAI CAASM+ to provide asset visibility with AI/ML classification - Ordr has launched its new OrdrAI CAASM+ product, built on top of the OrdrAI Asset Intelligence Platform. For years, Ordr has been solving asset visibility and security challenges in the world's most demanding environments, including healthcare, ...
1 week ago Helpnetsecurity.com
Research Shows IT and Construction Sectors Hardest Hit By Ransomware - New research has shed light on the profound impact of ransomware attacks on the IT and construction sectors, revealing that these industries bore the brunt of nearly half of all incidents in 2023. The findings, detailed in a new report by Ontinue's ...
1 week ago Infosecurity-magazine.com
'PhantomBlu' Cyberattackers Backdoor Microsoft Office Users via OLE - A malicious email campaign is targeting hundreds of Microsoft Office users in US-based organizations to deliver a remote access trojan that evades detection, partially by showing up as legitimate software. Threat actors previously have used the RAT ...
1 week ago Darkreading.com
DarkGPT OSINT AI Assistant To Find Leaked Database
1 week ago Hackersonlineclub.com
Crypto wallet-draining attacks necessitate security rethink - Infosec researchers are noting rising cryptocurrency attacks and have encouraged wallet security providers to up their collective game. Introduced in 2019, CREATE2 is seen as a significant advancement for Ethereum, allowing for more efficient ...
1 week ago Go.theregister.com
Cato Unveils Industry First AI-driven Networking and Security Incident Detection and Response - Cato Networks, the leader in SASE, announced the addition of network incident detection and response tools to the Cato SASE Cloud platform. With Network Stories for Cato XDR, advanced AI algorithms instantly identify outages in customer networks and ...
1 week ago Itsecurityguru.org
Innovative Web Automation Solutions Unveiled by Skyvern AI - People can use Skyvern as more than just an automation tool; it's a comprehensive solution that utilizes cutting-edge technologies such as large language models, computer vision, and proxy networks to streamline their online activities by leveraging ...
1 week ago Cysecurity.news
WhatsApp Beta Testing Expanded Authentication Methods for App Lock Feature - In a world where privacy and security are increasingly important, WhatsApp continues to prioritize the protection of user data through encrypted messaging. Recently, the app has been testing a new label to highlight chat encryption, further ...
1 week ago Cysecurity.news
Synopsys fAST Dynamic enables DevOps teams to fix security vulnerabilities in modern web apps - Synopsys released Synopsys fAST Dynamic, a new dynamic application security testing offering on the Synopsys Polaris Software Integrity Platform. fAST Dynamic enables development, security, and DevOps teams to find and fix security vulnerabilities in ...
1 week ago Helpnetsecurity.com
eSentire Threat Intelligence reduces false positive alerts - eSentire launched its first standalone cybersecurity product, eSentire Threat Intelligence, extending eSentire's protection and automated blocking capability across firewalls, threat intelligence platforms, email services and endpoint agents. ...
1 week ago Helpnetsecurity.com
Drata unveils Adaptive Automation for streamlined compliance - Drata has unveiled a new offering, Adaptive Automation. Augmenting the scope of continuous control monitoring and evidence collection, Adaptive Automation empowers GRC professionals to save time and automate even more of their compliance program ...
1 week ago Helpnetsecurity.com
New AcidPour data wiper targets Linux x86 network devices - A new destructive malware named AcidPour was spotted in the wild, featuring data-wiper functionality and targeting Linux x86 IoT and networking devices. Data wipers are a category of malware designed for destructive attacks that delete files and data ...
1 week ago Bleepingcomputer.com
Secure Your API With JWT: Kong OpenID Connect
1 week ago Feeds.dzone.com
How AI can be hacked with prompt injection: NIST report - As AI proliferates, so does the discovery and exploitation of AI cybersecurity vulnerabilities. Prompt injection is one such vulnerability that specifically attacks generative AI. In Adversarial Machine Learning: A Taxonomy and Terminology of Attacks ...
1 week ago Securityintelligence.com
BigID Raises $60 Million at $1 Billion Valuation - Data security, compliance, privacy and governance solutions provider BigID announced on Monday that it has raised $60 million in a growth funding round. The company has raised a total of $320 million and is valued at more than $1 billion. It claims ...
1 week ago Securityweek.com
Chinese APT Hacks 48 Government Organizations - An advanced persistent threat actor likely operating on behalf of the Chinese government has compromised dozens of foreign government entities worldwide, Trend Micro reports. Referred to as Earth Krahang, the hacking group appears linked to Earth ...
1 week ago Securityweek.com
Traefik Labs updates address rising Kubernetes adoption and API management - Traefik Labs has unveiled product updates that address the escalating adoption of Kubernetes and the crucial role of API management in modern digital infrastructure. The updates include a Kubernetes-native API gateway, integration of a Web ...
1 week ago Helpnetsecurity.com
NIST's NVD has encountered a problem - Whether the cause is insurmountable technical debt, lack of funds, a third reason or all of them, NIST's National Vulnerability Database is struggling, and it's affecting vulnerability management efforts. NIST hasn't further explained wherein the ...
1 week ago Helpnetsecurity.com
Avoid high cyber insurance costs by improving Active Directory security - Insurance broker and risk advisor Marsh revealed that US cyber insurance premiums rose by an average of 11% in the first quarter of 2023, and Delinea reported that 67% of survey respondents said their cyber insurance costs increased between 50% and ...
1 week ago Bleepingcomputer.com
The New CISO: Rethinking the Role - Dating back to the 1990s, the role of CISO was more technical and IT-focused. CISOs face more risks than can be resolved, are expected to balance security with operational capability, and must convince leaders to invest in protection. Today, CISOs ...
1 week ago Darkreading.com
Attacker Hunting Firewalls - Firewalls and other perimeter devices are a huge target these days. Ivanti, Fortigate, Citrix, and others offer plenty of difficult-to-patch vulnerabilities for attackers to exploit. Ransomware actors and others are always on the lookout for new ...
1 week ago Isc.sans.edu
Delivering Digital Immunity: Taking a Holistic Approach to Optimize Your Network
1 week ago Securityboulevard.com
Sonatype SBOM Manager identifies and mitigates vulnerabilities within the software supply chain - Working with the world's largest enterprises and global policymakers to address the complexities of optimizing your software supply chain with SBOMs, Sonatype announced SBOM Manager. This solution provides an integrated approach to managing SBOMs ...
1 week ago Helpnetsecurity.com
Mintlify Data Breach Exposes Customer GitHub Tokens
1 week ago Gbhackers.com
Providing Optimal Cloud Security Outcomes Through StateRAMP - Palo Alto Networks reaches a significant milestone as our commitment to comprehensive security achieves the largest number of StateRAMP marketplace approved cybersecurity offerings. In its commitment to be the state and local government's ...
1 week ago Paloaltonetworks.com
Atos says Airbus acquisition talks on big data biz grounded - Atos' share price sank as much as 20 percent this morning on confirmation that Airbus is no longer interested in buying the big data and security parts of the crumbling tech empire. The pair got round the negotiating table in January to thrash out a ...
1 week ago Go.theregister.com
AI and the Evolution of Social Media - A decade ago, social media was celebrated for sparking democratic uprisings in the Arab world and beyond. In a 2022 survey, Americans blamed social media for the coarsening of our political discourse, the spread of misinformation, and the increase in ...
1 week ago Securityboulevard.com
Case Study: Fatty Liver Foundation Improves Enterprise Domain Security with PowerDMARC
1 week ago Securityboulevard.com
Verimatrix Counterspy safeguards content across various devices - Counterspy leverages technology first developed by the company's cybersecurity team back in 2021 to offer an innovative new way to counter the rise in video piracy in an era where streaming apps are prevalent. Counterspy is a standalone product ...
1 week ago Helpnetsecurity.com
NHS Dumfries and Galloway Faces Cyberattack, Patient Data at Risk
1 week ago Hackread.com
Social media influencers targeted by identity thieves - Social media influencers are attractive targets for identity thieves. With large followings and a literal influence on their followers, it's no wonder they are targeted by scammers and spreaders of fake news. Such a person influences the financial ...
1 week ago Malwarebytes.com
Preparing Society for AI-Driven Disinformation in the 2024 Election Cycle - If you believe that the 2020 Presidential election in the United States represented the worst kind of campaign replete with lies, misstated facts and disinformation, I have some news for you. The rapid evolution of artificial intelligence and ...
1 week ago Securityweek.com
Nations Direct Mortgage Data Breach Impacts 83,000 Individuals - Nations Direct Mortgage has started informing more than 83,000 individuals that their personal information was compromised in a December 2023 data breach. The incident, the lender says in a notification, was identified on December 30 and resulted in ...
1 week ago Securityweek.com
SUSE announces new enhancements to help users manage business-critical workloads - SUSE announced enhancements across its cloud native and Edge portfolio to enable customers to securely deploy and manage business-critical workloads anywhere. New capabilities in Rancher Prime 3.0, SUSE's commercial offering of Rancher and SUSE Edge ...
1 week ago Helpnetsecurity.com
PoC Published for Critical RCE Vulnerability in Fortra FileCatalyst
1 week ago Cybersecuritynews.com
900+ websites Exposing 10M+ Passwords: Most in Plaintext - Over 900 websites inadvertently expose over 10 million passwords, many of which are in plaintext, alongside sensitive billing information and personally identifiable information of approximately 125 million users. This massive data exposure is ...
1 week ago Gbhackers.com
Zero-Trust Architecture in Modern Cybersecurity - Clearly, organizations need more robust cybersecurity protections in place, which is leading many to adopt a zero-trust architecture approach. Zero-trust flips conventional security on its head by shifting from an implicit trust model to one where ...
1 week ago Feeds.dzone.com
Cisco Secure Access named Leader in Zero Trust Network Access - Zero Trust Network Access is a critical component to increase productivity and reduce risk in today's hyper-distributed environments. Cisco Secure Access provides a modern form of zero trust access that utilizes a new architecture to deliver a unique ...
1 week ago Feedpress.me
Navigating the Internship Odyssey: Taking a Leap To Love Where I Work - When I started interviewing for Cisco, I was overwhelmed. I didn't believe I was the number one candidate for a project management internship, as I was a telecommunications bachelor graduate and was studying computer science. Well, I have seen ...
1 week ago Feedpress.me
December 2023 Cyber Attacks Timeline
1 week ago Hackmageddon.com
Store manager admits SIM swapping his customers - A 42-year-old manager at an unnamed telecommunications company has admitted SIM swapping customers at his store. SIM swapping, also known as SIM jacking, is the act of illegally taking over a target's cell phone number and re-routing it to a phone ...
1 week ago Malwarebytes.com
PoC exploit for critical Fortra FileCatalyst MFT vulnerability released - Proof-of-concept exploit code for a critical RCE vulnerability in Fortra FileCatalyst MFT solution has been published. Fortra FileCatalyst is an enterprise managed file transfer software solution that includes several components: FileCatalyst Direct, ...
1 week ago Helpnetsecurity.com
Franklin Fueling System EVO 550/5000 - RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to read arbitrary files on the system. Franklin Fueling System EVO 550 and EVO 5000 are vulnerable to a Path Traversal vulnerability that could allow an attacker ...
1 week ago Cisa.gov
'Conversation Overflow' Cyberattacks Bypass AI Security to Target Execs - The emails can escape AI/ML algorithms' threat detection through use of hidden text designed to mimic legitimate communication, according to SlashNext threat researchers, who released an analysis on the tactic today. They noted that it's being used ...
1 week ago Darkreading.com
AI Researchers In West, China Identify AI 'Red Lines' - Leading AI researchers in the West and China identify key 'red lines' that AI must not cross in order to avoid 'existential risks'. Leading Western and Chinese AI researchers have said China and the West must work together to mitigate existential ...
1 week ago Silicon.co.uk
5 Types of Crypto You Didn't Know Existed
1 week ago Hackread.com
Players hacked during the matches of Apex Legends Global Series
1 week ago Securityaffairs.com
Pentest People Announces its Assured Service Provider status for NCSC's Cyber Incident Exercising Scheme - Pentest People, the Penetration Testing as a Service and cybersecurity experts, today announces it has become one of only a few companies in the UK to be an Assured Service Provider in the recently launched National Cyber Security Centre Cyber ...
1 week ago Itsecurityguru.org
Vultr Cloud Inference simplifies AI deployment - Vultr launched Vultr Cloud Inference, a new serverless platform. Leveraging Vultr's global infrastructure spanning six continents and 32 locations, Vultr Cloud Inference provides customers with scalability, reduced latency, and enhanced cost ...
1 week ago Helpnetsecurity.com
900+ Websites Exposing 100M+ Accounts
1 week ago Cybersecuritynews.com
Hackers Exploiting Microsoft Templates to Execute Malicious Code - This campaign represents a significant evolution in the tactics, techniques, and procedures employed by cybercriminals. They are leveraging social engineering and advanced evasion techniques to deploy malicious code. The attackers meticulously ...
1 week ago Gbhackers.com
What are non-human identities?
1 week ago Securityboulevard.com

Trending Cyber News (last 7 days)

CVE-2024-25808 - Cross-site Request Forgery (CSRF) vulnerability in Lychee version 3.1.6, allows remote attackers to execute arbitrary code via the create new album function. ...
6 days ago
CVE-2024-29057 - Microsoft Edge (Chromium-based) Spoofing Vulnerability ...
2 days ago
CVE-2024-2824 - A vulnerability was found in Matthias-Wandel jhead 3.08 and classified as critical. This issue affects the function PrintFormatNumber of the file exif.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The ...
5 days ago
CVE-2024-1049 - The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Widget's in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output ...
3 days ago
CVE-2024-2468 - The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress widget ...
3 days ago
CVE-2023-4063 - Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when using an improper eSCL URL GET request. ...
5 days ago
CVE-2024-23755 - ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode. ...
3 days ago
CVE-2021-47168 - In the Linux kernel, the following vulnerability has been resolved: ...
3 days ago
CVE-2024-26247 - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability ...
2 days ago
CVE-2024-26557 - Codiad v2.8.4 allows reflected XSS via the components/market/dialog.php type parameter. ...
6 days ago
CVE-2024-25807 - Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, allows remote attackers to execute arbitrary code and obtain sensitive information via the title parameter when creating an album. ...
6 days ago
CVE-2024-2723 - SQL injection vulnerability in the CIGESv2 system, through /ajaxSubServicios.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a ...
5 days ago
CVE-2024-29865 - Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page via the username to the LDAP login form. ...
5 days ago
CVE-2022-32751 - IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further attacks against the system. IBM X-Force ID: 228437. ...
5 days ago
CVE-2024-2825 - A vulnerability classified as critical has been found in lakernote EasyAdmin up to 20240315. This affects an unknown part of the file /ureport/designer/saveReportFile. The manipulation of the argument file leads to path traversal: ...
3 days ago
CVE-2024-2826 - A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can ...
3 days ago
CVE-2024-2805 - A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been rated as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based ...
6 days ago
CVE-2024-2728 - Information exposure vulnerability in the CIGESv2 system. This vulnerability could allow a local attacker to intercept traffic due to the lack of proper implementation of the TLS protocol. ...
5 days ago
CVE-2024-2326 - The Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.3. This is due to missing or incorrect nonce ...
3 days ago
CVE-2024-2202 - The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the legacy Image widget in all versions up to, and including, 2.29.6 due to insufficient input sanitization and output escaping. This makes it ...
3 days ago
CVE-2024-2688 - The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress document widget ...
3 days ago
CVE-2024-24840 - Missing Authorization vulnerability in BdThemes Element Pack Elementor Addons. This issue affects Element Pack Elementor Addons: from n/a through 5.4.11. ...
3 days ago
CVE-2024-29944 - An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This ...
2 days ago
CVE-2024-29042 - Translate is a package that allows users to convert text to different languages on Node.js and the browser. Prior to version 3.0.0, an attacker controlling the second variable of the `translate` function is able to perform a cache poisoning attack. ...
5 days ago
CVE-2024-29385 - DIR-845L router < v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgi_main function. ...
5 days ago
CVE-2024-2823 - A vulnerability has been found in DedeCMS 5.7 and classified as problematic. This vulnerability affects unknown code of the file /src/dede/mda_main.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The ...
5 days ago
CVE-2024-29034 - CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. The vulnerability CVE-2023-49090 wasn't fully addressed. This vulnerability is caused by the fact that when uploading to object storage, including Amazon ...
3 days ago
CVE-2024-29031 - Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.17 allows a remote attacker to obtain sensitive ...
6 days ago
CVE-2024-29273 - There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document. ...
6 days ago
CVE-2024-2080 - The LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.76 via the poller_list shortcode. This makes it possible for authenticated ...
6 days ago
CVE-2024-2780 - A vulnerability was found in Campcodes Online Marriage Registration System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to ...
6 days ago
CVE-2024-2777 - A vulnerability has been found in Campcodes Online Marriage Registration System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/application-bwdates-reports-details.php. The manipulation of ...
6 days ago
CVE-2024-2776 - A vulnerability, which was classified as critical, was found in Campcodes Online Marriage Registration System 1.0. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It ...
6 days ago
CVE-2024-28861 - Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a PHP framework for web projects. Starting in version 1.1.0 and prior to version 1.5.19, Symfony 1 has a gadget chain due to dangerous deserialization in `sfNamespacedParameterHolder` ...
5 days ago
CVE-2024-29185 - FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the php_path parameter is being executed as an OS command by the shell_exec ...
5 days ago
CVE-2023-5685 - A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS). ...
3 days ago
CVE-2024-2827 - A vulnerability, which was classified as critical, has been found in lakernote EasyAdmin up to 20240315. This issue affects some unknown processing of the file /ureport/designer/saveReportFile. The manipulation leads to server-side request forgery. ...
3 days ago
CVE-2024-29190 - Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the ...
3 days ago
CVE-2024-2851 - A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command ...
2 days ago
CVE-2024-2832 - A vulnerability classified as problematic was found in Campcodes Online Shopping System 1.0. This vulnerability affects unknown code of the file /offersmail.php. The manipulation of the argument email leads to cross site scripting. The attack can be ...
3 days ago
CVE-2024-2971 - Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF file. ...
1 day ago
CVE-2024-28171 - ...
6 days ago
CVE-2024-29195 - The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices. An attacker can cause an integer wraparound or ...
2 days ago
CVE-2024-2828 - A vulnerability, which was classified as critical, was found in lakernote EasyAdmin up to 20240315. Affected is the function thumbnail of the file src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The manipulation of the ...
3 days ago
CVE-2024-29187 - WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to drop and load multiple binaries. ...
3 days ago
CVE-2024-28004 - Missing Authorization vulnerability in ExtendThemes Colibri Page Builder. This issue affects Colibri Page Builder: from n/a through 1.0.248. ...
1 hour ago
CVE-2024-24832 - Missing Authorization vulnerability in Metagauss EventPrime. This issue affects EventPrime: from n/a through 3.3.9. ...
3 days ago
CVE-2021-47153 - In the Linux kernel, the following vulnerability has been resolved: ...
3 days ago
CVE-2024-24835 - Missing Authorization vulnerability in realmag777 BEAR. This issue affects BEAR: from n/a through 1.1.4. ...
3 days ago
CVE-2021-47176 - In the Linux kernel, the following vulnerability has been resolved: ...
3 days ago