Troubled US insurance giant hit by extortion after data leak
Globe Life claims blackmailers shared stolen info with short sellers US insurance provider Globe...
Microsoft warns it lost some customer's security logs for a month
Microsoft is warning enterprise customers that, for almost a month, a bug caused critical logs...
Microsoft: Ransomware Attacks Growing More Dangerous, Complex
Attackers launched 600 million cybercriminal and nation-state threats on Microsoft customers...
Fake Google Meet conference errors push infostealing malware
A new ClickFix campaign is luring users to fraudulent Google Meet conference pages showing fake...
FBI arrest Alabama man suspected of hacking SEC's X account
An Alabama man was arrested today by the FBI for his suspected role in hacking the SEC's X...
Undercover North Korean IT workers now steal data, extort employers
North Korean IT professionals who trick Western companies into hiring them are stealing data...
Number of Active Ransomware Groups Highest on Record, Cyberint’s Report Finds
This indicates that the most prominent ransomware groups are succumbing to law enforcement...
Vulnerabilities by Risk level (Last 12 months)
Vulnerabilities by Vendor (Last 12 months)
Latest Vulnerabilities
- CVE-2024-10033 (5.4): A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by...
- CVE-2024-45071 (5.5): IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus...
- CVE-2024-45072 (5.5): IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose...
- CVE-2024-9893 (9.8): The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to insufficient verification on the user being...
- CVE-2020-36841 (5.3): The WooCommerce Smart Coupons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the woocommerce_coupon_admin_init function in versions up to, and...
Latest Critical Vulnerabilities
- CVE-2024-9893 (9.8): The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to insufficient verification on the user being...
- CVE-2016-15042 (9.8): The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the...
- CVE-2018-25105 (9.8): The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it...
- CVE-2019-25213 (9.8): The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media...
- CVE-2019-25217 (9.8): The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to...
- CVE-2020-36832 (9.8): The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. This makes it possible for unauthenticated attackers to...
- CVE-2020-36837 (9.9): The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1....
- CVE-2021-4443 (9.8): The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for...