Amazon says 175 million customers now use passkeys to log in

2024-10-15 20:52

Amazon has seen massive adoption of passkeys since the company quietly rolled them out a year...

Finland seizes servers of 'Sipultie' dark web drugs market

2024-10-15 20:08

The Finnish Customs office took down the website and seized the servers for the darknet...

EDRSilencer red team tool used in attacks to bypass security

2024-10-15 18:47

A tool for red-team operations called EDRSilencer has been observed in malicious incidents...

Generative AI in Security: Risks and Mitigation Strategies

2024-10-15 18:18

Microsoft’s Siva Sundaramoorthy provides a blueprint for how common cyber precautions apply to...

Microsoft says more ransomware stopped before reaching encryption

2024-10-15 16:45

Volume of attacks still surging though, according to Digital Defense Report. Microsoft says...

TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns

2024-10-15 15:47

New variants of an Android banking trojan called TrickMo have been found to harbor previously...

New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT

2024-10-15 15:20

Cybersecurity researchers have disclosed a new malware campaign that leverages a malware loader...

Vulnerabilities by Risk level (Last 12 months)

Risk level Last 12 months #
Critical 3141
High 7974
Medium 10064
Low 326

Vulnerabilities by Vendor (Last 12 months)

Vendor Last 12 months #
Linux 1170
Microsoft 758
Google 713
Adobe 664
IBM 374

Latest Vulnerabilities

  • CVE-2024-9923

    4.9

    The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root...

    network
    low complexity
    CWE-23
  • CVE-2024-9924

    9.8

    The fix for CVE-2024-26261 was incomplete, and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which...

    network
    low complexity
    critical
  • CVE-2024-9921

    9.8

    The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete...

    network
    low complexity
    CWE-89
    critical
  • CVE-2024-9922

    7.5

    The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.

    network
    low complexity
    CWE-23
  • CVE-2024-8757

    7.2

    The WP Post Author – Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder plugin for WordPress is...

    network
    low complexity
    CWE-89

Latest Critical Vulnerabilities

  • CVE-2024-9924

    9.8

    The fix for CVE-2024-26261 was incomplete, and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which...

    network
    low complexity
    critical
  • CVE-2024-9921

    9.8

    The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete...

    network
    low complexity
    CWE-89
    critical
  • CVE-2024-9047

    9.8

    The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This makes it possible for unauthenticated...

    network
    low complexity
    CWE-22
    critical
  • CVE-2024-9707

    9.8

    The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in...

    network
    low complexity
    CWE-862
    critical
  • CVE-2024-9822

    9.8

    The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the 'login_admin_user'...

    network
    low complexity
    CWE-288
    critical
  • CVE-2024-45115 - Unspecified vulnerability in Adobe Commerce and Magento

    9.8

    Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could...

    network
    low complexity
    adobe
    critical
  • CVE-2024-9518

    9.8

    The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and...

    network
    low complexity
    CWE-269
    critical
  • CVE-2024-38124

    9.0

    Windows Netlogon Elevation of Privilege Vulnerability

    low complexity
    CWE-287
    critical