

Nearly 10 years after Data and Goliath, Bruce Schneier says: Privacy’s still screwed
'In 50 years, I think we'll view these business practices like we view sweatshops...

Microsoft: Hackers steal emails in device code phishing attacks
An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365...

Android's New Feature Blocks Fraudsters from Sideloading Apps During Calls
Google is working on a new security feature for Android that blocks device owners from changing...

If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish
Roses aren't cheap, violets are dear, now all your access token are belong to Vladimir...

SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN
Roses are red, violets are blue, CVE-2024-53704 is perfect for a ransomware crew Miscreants are...

Hackers exploit authentication bypass in Palo Alto Networks PAN-OS
Hackers are launching attacks against Palo Alto Networks PAN-OS firewalls by exploiting a...

New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution
Cybersecurity researchers have disclosed a new type of name confusion attack called whoAMI that...
Latest Vulnerabilities
- CVE-2024-56463
  4.8: IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...
- CVE-2024-52895
  6.5: IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact...
- CVE-2024-56477
  6.5: IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot...
- CVE-2024-12651
  8.5: Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables. This issue affects HGS Mobile App: before 6.5.0.
Latest Critical Vulnerabilities
- CVE-2024-13152
  10.0: Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection. This issue affects Mobuy Online Machinery...
- CVE-2024-13182
  9.8: The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.5. This is due to incorrect authentication in the...
- CVE-2024-10763
  9.8: The Campress theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.35 via the 'campress_woocommerce_get_ajax_products' function. This makes it possible...
- CVE-2025-25349 - SQL Injection vulnerability in PHPgurukul Daily Expense Tracker System 1.1
  9.8: PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the costitem parameter.
- CVE-2025-25351 - SQL Injection vulnerability in PHPgurukul Daily Expense Tracker System 1.1
  9.8: PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the dateexpense parameter.
- CVE-2024-10960
  9.9: The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including,...
- CVE-2024-12213
  9.8: The WP Job Board Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.76. This is due to the plugin allowing a user to supply the 'role' field...
- CVE-2024-13421
  9.8: The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not properly restricting the roles...