'That's not a bug, it's a feature' takes on a darker tone when malware's involved
Mummy, where do zero days come from? Opinion: One of the charms of coding is that malice can be...
Adobe warns of critical ColdFusion bug with PoC exploit code
Adobe has released out-of-band security updates to address a critical ColdFusion vulnerability...
FTC orders Marriott and Starwood to implement strict data security
The Federal Trade Commission (FTC) has ordered Marriott International and Starwood Hotels to...
Criminal Complaint against LockBit Ransomware Writer
The Justice Department has published the criminal complaint against Dmitry Khoroshev, for...
Premium WPLMS WordPress plugins address seven critical flaws
Two WordPress plugins required by the premium WordPress WPLMS theme, which has over 28,000...
Protect 3 Devices With This Maximum Security Software
Trend Micro guards desktop and mobile devices from ransomware, phishing schemes, spam, and more...
Vulnerabilities by Risk level (Last 12 months)
Vulnerabilities by Vendor (Last 12 months)
Latest Vulnerabilities
- CVE-2024-11852 (4.3): The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to unauthorized access of data due to a missing...
- CVE-2024-51463 (5.4): IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network...
- CVE-2024-51464 (4.3): IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to...
- CVE-2024-12875 (4.9): The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.2 via the file...
- CVE-2024-10453 (6.4): The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typography Settings in all versions up to, and...
Latest Critical Vulnerabilities
- CVE-2024-11349 (9.8): The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to...
- CVE-2024-51466 (9.0): IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to...
- CVE-2024-12571 (9.8): The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the 'sl_engine' parameter. This makes it possible...
- CVE-2024-10244 (9.8): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ISDO Software Web Software allows SQL Injection. This issue affects Web Software: before 3.6.
- CVE-2024-12626 (9.6): The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the...
- CVE-2024-12287 (9.8): The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly verifying a user's identity...
- CVE-2024-8972 (9.8): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobil365 Informatics Saha365 App allows SQL Injection. This issue affects Saha365 App: before...
- CVE-2024-12356 - Command Injection vulnerability in BeyondTrust Remote Support (9.8): A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.