FTC cracks down on Genshin Impact gacha loot box practices
Genshin Impact developer Cognosphere (aka Hoyoverse) has agreed to a $20 million settlement with...
FCC to telcos: By law you must secure your networks from foreign spies. Get on it
Plus: Uncle Sam is cross with this one Chinese biz over Salt Typhoon mega-snooping. Decades-old...
Friday Squid Blogging: Opioid Alternatives from Squid Research
Is there nothing that squid research can’t solve? “If you’re working with an organism like squid...
Biden signs sweeping cybersecurity order, just in time for Trump to gut it
Ransomware, AI, secure software, digital IDs – there's something for everyone in the...
Otelier data breach exposes info, hotel reservations of millions
Hotel management platform Otelier suffered a data breach after threat actors breached its Amazon...
Malicious PyPi package steals Discord auth tokens from devs
A malicious package named 'pycord-self' on the Python package index (PyPI) targets...
Fortinet: FortiGate config leaks are genuine but misleading
Competition hots up with Ivanti over who can have the worst start to a year. Fortinet has...
Vulnerabilities by Risk level (Last 12 months)
Vulnerabilities by Vendor (Last 12 months)
Latest Vulnerabilities
- CVE-2024-41746 (7.2): IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the...
- CVE-2018-25108 (7.5): An unauthenticated remote attacker can cause a DoS in the controller due to uncontrolled resource consumption.
- CVE-2024-12427 (5.3): The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including,...
- CVE-2024-12613 (7.5): The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX functions in all versions up to, and including, 1.4.8 due to insufficient...
- CVE-2024-12614 (7.5): The Passwords Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pms_save_setting' and 'post_new_pass' AJAX actions in all...
Latest Critical Vulnerabilities
- CVE-2025-0455 (9.8): The airPASS from NetVision Information has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
- CVE-2025-0456 (9.8): The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access the specific administrative functionality to retrieve * all...
- CVE-2024-12084 (9.8): A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds...
- CVE-2024-9636 (9.8): The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3. This is due to the plugin not properly restricting what user meta can be...
- CVE-2025-21307 (9.8): Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
- CVE-2024-13179 - Path Traversal vulnerability in Ivanti Avalanche (9.8): Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.