'That's not a bug, it's a feature' takes on a darker tone when malware's involved

2024-12-23 21:30

Mummy, where do zero days come from? Opinion: One of the charms of coding is that malice can be...

Adobe warns of critical ColdFusion bug with PoC exploit code

2024-12-23 19:58

Adobe has released out-of-band security updates to address a critical ColdFusion vulnerability...

FTC orders Marriott and Starwood to implement strict data security

2024-12-23 18:43

The Federal Trade Commission (FTC) has ordered Marriott International and Starwood Hotels to...

Criminal Complaint against LockBit Ransomware Writer

2024-12-23 17:04

The Justice Department has published the criminal complaint against Dmitry Khoroshev, for...

Premium WPLMS WordPress plugins address seven critical flaws

2024-12-23 16:59

Two WordPress plugins required by the premium WordPress WPLMS theme, which has over 28,000...

US court finds spyware maker NSO liable for WhatsApp hacks

2024-12-23 16:37

A U.S. federal judge has ruled that Israeli spyware maker NSO Group violated U.S. hacking laws...

Protect 3 Devices With This Maximum Security Software

2024-12-23 15:29

Trend Micro guards desktop and mobile devices from ransomware, phishing schemes, spam, and more...

Vulnerabilities by Risk level (Last 12 months)

| Risk level | Count (last 12 months) |
|------------|------------------------|
| Critical   | 2760                   |
| High       | 7115                   |
| Medium     | 9522                   |
| Low        | 323                    |

Vulnerabilities by Vendor (Last 12 months)

| Vendor    | Count (last 12 months) |
|-----------|------------------------|
| Linux     | 2052                   |
| Google    | 789                    |
| Apple     | 617                    |
| Adobe     | 484                    |
| Microsoft | 430                    |

Latest Vulnerabilities

  • CVE-2024-11852

    4.3

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to unauthorized access of data due to a missing...

    network
    low complexity
    CWE-862
  • CVE-2024-51463

    5.4

    IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network...

    network
    low complexity
    CWE-918
  • CVE-2024-51464

    4.3

    IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to...

    network
    low complexity
    CWE-644
  • CVE-2024-12875

    4.9

    The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.2 via the file...

    network
    low complexity
    CWE-73
  • CVE-2024-10453

    6.4

    The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typography Settings in all versions up to, and...

    network
    low complexity
    CWE-79

Latest Critical Vulnerabilities

  • CVE-2024-11349

    9.8

    The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to...

    network
    low complexity
    CWE-288
    critical
  • CVE-2024-51466

    9.0

    IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to...

    network
    high complexity
    CWE-917
    critical
  • CVE-2024-12571

    9.8

    The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the 'sl_engine' parameter. This makes it possible...

    network
    low complexity
    CWE-98
    critical
  • CVE-2024-10244

    9.8

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ISDO Software Web Software allows SQL Injection. This issue affects Web Software: before 3.6.

    network
    low complexity
    CWE-89
    critical
  • CVE-2024-12626

    9.6

    The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the...

    network
    low complexity
    CWE-79
    critical
  • CVE-2024-12287

    9.8

    The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly verifying a user's identity...

    network
    low complexity
    CWE-287
    critical
  • CVE-2024-8972

    9.8

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobil365 Informatics Saha365 App allows SQL Injection. This issue affects Saha365 App: before...

    network
    low complexity
    CWE-89
    critical
  • CVE-2024-12356 - Command Injection vulnerability in BeyondTrust Remote Support

    9.8

    A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.

    network
    low complexity
    beyondtrust
    CWE-77
    critical