New Windows Themes zero-day gets free, unofficial patches
Free unofficial patches are now available for a new Windows Themes zero-day vulnerability that...
Massive PSAUX ransomware attack targets 22,000 CyberPanel instances
Over 22,000 CyberPanel instances exposed online to a critical remote code execution (RCE)...
Belgian cops cuff 2 suspected cybercrooks in Redline, Meta infostealer sting
US also charges an alleged Redline dev, no mention of an arrest. International law enforcement...
US charges suspected Redline infostealer developer, admin
The identity of a suspected developer and administrator of the Redline malware-as-a-service...
The story behind the Health Infrastructure Security and Accountability Act
Health care breaches lead to legislation. Partner Content: Breaches breed regulation; which...
Admins better Spring into action over latest critical open source vuln
Patch up: The Spring framework dominates the Java ecosystem. If you're running an application...
[Charts: Vulnerabilities by Risk level and Vulnerabilities by Vendor (Last 12 months)]
Latest Vulnerabilities
- CVE-2024-9162 (7.2): The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to arbitrary PHP Code Injection due to missing file type validation during the export in all versions up to, and...
- CVE-2024-10438 (7.5): The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access...
- CVE-2024-10439 (5.3): The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded...
- CVE-2024-10440 (9.8): The eHRD CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
- CVE-2024-9501 (9.8): The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.0.7. This is due to insufficient verification on...
Latest Critical Vulnerabilities
- CVE-2024-10440 (9.8): The eHRD CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
- CVE-2024-9501 (9.8): The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.0.7. This is due to insufficient verification on...
- CVE-2024-9930 (9.8): The Extensions by HocWP Team plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2.3.2. This is due to missing validation on the user being supplied in...
- CVE-2024-9931 (9.8): The Wux Blog Editor plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.0. This is due to missing validation on the token being supplied during the...
- CVE-2024-9932 (9.8): The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbt_insertImageNew' function in versions up to, and including,...
- CVE-2024-9488 (9.8): The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being...
- CVE-2024-10335 - SQL Injection vulnerability in Sadat Garbage Collection Management System 1.0 (9.8): A vulnerability was found in SourceCodester Garbage Collection Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The...
- CVE-2024-10336 - SQL Injection vulnerability in Clothes Recommendation System Project Clothes Recommendation System 1.0 (9.8): A vulnerability was found in SourceCodeHero Clothes Recommendation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/index.php of the...