My TedXBillings Talk
Over the summer, I gave a talk about AI and democracy at TedXBillings. The recording is <a...
Ivanti warns high severity CSA flaw is now exploited in attacks
Ivanti confirmed on Friday that a high severity vulnerability in its Cloud Services Appliance...
RansomHub claims Kawasaki cyberattack, threatens to leak stolen data
Kawasaki Motors Europe has announced that it's recovering from a cyberattack that caused...
Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers
Details have emerged about a now-patched security flaw impacting Apple's Vision Pro mixed...
17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London
British authorities on Thursday announced the arrest of a 17-year-old male in connection with a...
Vulnerabilities by Risk level (Last 12 months)
Vulnerabilities by Vendor (Last 12 months)
Latest Vulnerabilities
-
CVE-2024-45383
5.0A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800). A specially crafted...
-
CVE-2024-28990
6.3SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ...
low complexityCWE-798 -
CVE-2024-28991
9.0SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the...
-
CVE-2024-8522
10.0The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions...
-
CVE-2024-8529
10.0The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all...
Latest Critical Vulnerabilities
-
CVE-2024-28991
9.0SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the...
-
CVE-2024-8522
10.0The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions...
-
CVE-2024-8529
10.0The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all...
-
CVE-2024-29847 - Deserialization of Untrusted Data vulnerability in Ivanti Endpoint Manager
9.8Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
-
CVE-2019-25212
9.1The video carousel slider with lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.6 due to insufficient escaping on the...
-
CVE-2024-8277
9.8The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2. This is due to the plugin not properly validating...
-
CVE-2024-8191 - SQL Injection vulnerability in Ivanti Endpoint Manager
9.8SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
-