Trump’s DoD CISO pick previously faced security clearance suspension
Hey, at least Katie Arrington brings a solid resume Donald Trump's nominee for a critical...
CISA and FBI: Ghost ransomware breached orgs in 70 countries
CISA and the FBI said attackers deploying Ghost ransomware have breached victims from multiple...
Check out this free automated tool that hunts for exposed AWS secrets in public repos
You can find out if your GitHub codebase is leaking keys ... but so can miscreants A free...
Phishing attack hides JavaScript using invisible Unicode trick
A new JavaScript obfuscation method utilizing invisible Unicode characters to represent binary...
New FrigidStealer infostealer infects Macs via fake browser updates
The FakeUpdate malware campaigns are increasingly becoming muddled, with two additional...
Australian fertility services giant Genea hit by security breach
Genea, one of Australia's largest fertility services providers, disclosed that unknown...
Vulnerabilities by Risk level (Last 12 months)
Vulnerabilities by Vendor (Last 12 months)
Latest Vulnerabilities
-
CVE-2024-13508
6.1The Booking Package plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the locale parameter in all versions up to, and including, 1.6.72 due to insufficient input...
-
CVE-2024-13743
6.4The Wonder Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wonderplugin_video shortcode in all versions up to, and including, 2.2 due to insufficient...
-
CVE-2024-45775
5.2A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. However, it fails to check in case the memory...
-
CVE-2024-45776
6.7When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to...
-
CVE-2024-45781
6.7A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap...
locallow complexity
Latest Critical Vulnerabilities
-
CVE-2024-12860
9.8The CarSpot – Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. This is due to the...
-
CVE-2024-13725
9.8The Keap Official Opt-in Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.1 via the service parameter. This makes it possible for...
-
CVE-2025-1387
9.8Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to log in to the system as any user.
networklow complexitycritical -
CVE-2024-12562
9.8The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2member_pro_remote_op'...
-
CVE-2024-13513
9.8The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality....
-
CVE-2024-13152
10.0Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection.This issue affects Mobuy Online Machinery...
-
CVE-2024-13182
9.8The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.5. This is due to incorrect authentication in the...
-
CVE-2024-10763
9.8The Campress theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.35 via the 'campress_woocommerce_get_ajax_products' function. This makes it possible...