OMIGOD: Microsoft Azure VMs exploited to drop Mirai, miners
Threat actors started actively exploiting the critical Azure OMIGOD vulnerabilities two days...
Ditch the Alert Cannon: Modernizing IDS is a Security Must-Do
Time has not been kind to IDS and has created wide security gaps.
To combat the outdated...
Is it OK to use stolen data? What if it's scientific research in the public interest?
There's a fine line between getting hold of data that may be in the public interest and...
AT&T Phone-Unlocking Malware Ring Costs Carrier $200M
The ringleader of a seven-year phone-unlocking and malware scheme will head to the clink for 12...
Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang
Criminals behind the Ryuk ransomware were early exploiters of the Windows MSHTML flaw, actively...
Microsoft asks Azure Linux admins to manually patch OMIGOD bugs
Manual updates required for existing Azure VMs. While working to address these bugs, Microsoft...
Zero-Click iMessage Exploit
Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s...
Vulnerabilities by Risk level (Last 12 months)
Vulnerabilities by Vendor (Last 12 months)
| Vendor | Last 12 months | # |
| 1266 | ||
| Microsoft | 988 | |
| Fedoraproject | 695 | |
| Oracle | 650 | |
| Cisco | 626 |
Latest Vulnerabilities
-
CVE-2021-38326 - Cross-site Scripting vulnerability in Wpleet Post Title Counter
4.3The Post Title Counter WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the notice parameter found in the ~/post-title-counter.php file which allows attackers to inject...
-
CVE-2021-38327 - Cross-site Scripting vulnerability in Ueberhamm-Design Youtube Video Inserter
4.3The YouTube Video Inserter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/adminUI/settings.php file which allows attackers...
-
CVE-2021-38328 - Cross-site Scripting vulnerability in Notices Project Notices 6.1
4.3The Notices WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/notices.php file which allows attackers to inject arbitrary web...
-
CVE-2021-38329 - Cross-site Scripting vulnerability in DJ Emailpublish Project DJ Emailpublish
4.3The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/dj-email-publish.php file which allows attackers to...
-
CVE-2021-38330 - Cross-site Scripting vulnerability in Tromit Yabp
4.3The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/yabp.php file which allows attackers to...
Latest Critical Vulnerabilities
-
CVE-2020-19138 - Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms
10.0Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java".
-
CVE-2021-21103 - Access of Memory Location After End of Buffer vulnerability in Adobe Illustrator
9.3Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability...
-
CVE-2021-21104 - Access of Memory Location After End of Buffer vulnerability in Adobe Illustrator
9.3Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability...
-
CVE-2021-21105 - Access of Memory Location After End of Buffer vulnerability in Adobe Illustrator
9.3Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability...
-
CVE-2021-1813 - Improper Privilege Management vulnerability in Apple products
9.3A validation issue was addressed with improved logic. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5,...
-
CVE-2021-1829 - Type Confusion vulnerability in Apple Macos
10.0A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.3. An application may be able to execute arbitrary code with kernel privileges.
-
CVE-2021-1834 - Out-of-bounds Write vulnerability in Apple mac OS X and Macos
10.0An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious...
-
CVE-2021-30672 - Out-of-bounds Write vulnerability in Apple mac OS X and Macos
9.3A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious...