Fintech giant Finastra investigates data breach after SFTP hack

2024-11-20 20:56

Finastra has confirmed it warned customers of a cybersecurity incident after a threat actor...

MITRE shares 2024's top 25 most dangerous software weaknesses

2024-11-20 20:37

MITRE has shared this year's top 25 list of the most common and dangerous software...

US charges five linked to Scattered Spider cybercrime gang

2024-11-20 19:22

The U.S. Justice Department has charged five suspects believed to be part of the financially...

Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root

2024-11-20 19:04

Five local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart...

Mega US healthcare payments network restores system 9 months after ransomware attack

2024-11-20 18:01

Change Healthcare's $2 billion recovery is still a work in progress. Still reeling from its...

Google's AI bug hunters sniff out two dozen-plus code gremlins that humans missed

2024-11-20 17:01

OSS-Fuzz is making a strong argument for LLMs in security research. Google's OSS-Fuzz...

Microsoft confirms game audio issues on Windows 11 24H2 PCs

2024-11-20 16:48

Microsoft says a Windows 24H2 bug causes game audio to unexpectedly increase to full volume...

Vulnerabilities by Risk level (Last 12 months)

Risk level    Count (last 12 months)
Critical      3117
High          8063
Medium        10580
Low           348

Vulnerabilities by Vendor (Last 12 months)

Vendor        Count (last 12 months)
Linux         1723
Microsoft     862
Adobe         726
Google        559
Apple         380

Latest Vulnerabilities

  • CVE-2024-11400

    6.1

    The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the really_curr_tax parameter in all versions up to, and...

    network
    low complexity
    CWE-79
  • CVE-2024-37070

    4.3

    IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.

    network
    low complexity
    CWE-359
  • CVE-2024-52360

    7.6

    IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add,...

    network
    low complexity
  • CVE-2024-11198

    6.4

    The GD Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘extra_class’ parameter in all versions up to, and including, 3.6.1 due to insufficient input...

    network
    low complexity
    CWE-79
  • CVE-2024-11224

    6.4

    The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘position’ parameter in all versions up to, and including, 1.9 due to insufficient input sanitization...

    network
    low complexity
    CWE-79

Latest Critical Vulnerabilities

  • CVE-2024-0012 - Missing Authentication for Critical Function vulnerability in Paloaltonetworks Pan-Os

    9.8

    An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to...

    network
    low complexity
    paloaltonetworks CWE-306
    critical
  • CVE-2024-42383

    9.8

    Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field.

    network
    low complexity
    critical
  • CVE-2024-11311

    9.8

    The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory,...

    network
    low complexity
    CWE-23
    critical
  • CVE-2024-11312

    9.8

    The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory,...

    network
    low complexity
    CWE-23
    critical
  • CVE-2024-11313

    9.8

    The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory,...

    network
    low complexity
    CWE-23
    critical
  • CVE-2024-11314

    9.8

    The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory,...

    network
    low complexity
    CWE-23
    critical
  • CVE-2024-11315

    9.8

    The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory,...

    network
    low complexity
    CWE-23
    critical
  • CVE-2024-8856

    9.8

    The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the UploadHandler.php file and no direct file...

    network
    low complexity
    CWE-434
    critical