Troubled US insurance giant hit by extortion after data leak

2024-10-17 23:30

Globe Life claims blackmailers shared stolen info with short sellers. US insurance provider Globe...

Microsoft warns it lost some customer's security logs for a month

2024-10-17 22:17

Microsoft is warning enterprise customers that, for almost a month, a bug caused critical logs...

Microsoft: Ransomware Attacks Growing More Dangerous, Complex

2024-10-17 21:04

Attackers launched 600 million cybercriminal and nation-state threats on Microsoft customers...

Fake Google Meet conference errors push infostealing malware

2024-10-17 21:00

A new ClickFix campaign is luring users to fraudulent Google Meet conference pages showing fake...

FBI arrest Alabama man suspected of hacking SEC's X account

2024-10-17 18:21

An Alabama man was arrested today by the FBI for his suspected role in hacking the SEC's X...

Undercover North Korean IT workers now steal data, extort employers

2024-10-17 18:01

North Korean IT professionals who trick Western companies into hiring them are stealing data...

Number of Active Ransomware Groups Highest on Record, Cyberint’s Report Finds

2024-10-17 17:07

This indicates that the most prominent ransomware groups are succumbing to law enforcement...

Vulnerabilities by Risk level (Last 12 months)

Risk level    Count (last 12 months)
Critical      3188
High          8135
Medium        10232
Low           347

Vulnerabilities by Vendor (Last 12 months)

Vendor        Count (last 12 months)
Linux         1171
Microsoft     785
Google        713
Adobe         665
IBM           375

Latest Vulnerabilities

  • CVE-2024-10033

    5.4

    A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by...

    network
    low complexity
    CWE-79
  • CVE-2024-45071

    5.5

    IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus...

    network
    low complexity
    CWE-79
  • CVE-2024-45072

    5.5

    IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose...

    network
    low complexity
    CWE-611
  • CVE-2024-9893

    9.8

    The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to insufficient verification on the user being...

    network
    low complexity
    CWE-288
    critical
  • CVE-2020-36841

    5.3

    The WooCommerce Smart Coupons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the woocommerce_coupon_admin_init function in versions up to, and...

    network
    low complexity
    CWE-285

Latest Critical Vulnerabilities

  • CVE-2024-9893

    9.8

    The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to insufficient verification on the user being...

    network
    low complexity
    CWE-288
    critical
  • CVE-2016-15042

    9.8

    The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the...

    network
    low complexity
    CWE-434
    critical
  • CVE-2018-25105

    9.8

    The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it...

    network
    low complexity
    CWE-862
    critical
  • CVE-2019-25213

    9.8

    The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media...

    network
    low complexity
    CWE-22
    critical
  • CVE-2019-25217

    9.8

    The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to...

    network
    low complexity
    CWE-862
    critical
  • CVE-2020-36832

    9.8

    The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. This makes it possible for unauthenticated attackers to...

    network
    low complexity
    CWE-287
    critical
  • CVE-2020-36837

    9.9

    The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1....

    network
    low complexity
    CWE-862
    critical
  • CVE-2021-4443

    9.8

    The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for...

    network
    low complexity
    CWE-434
    critical