Critical zero-days impact premium WordPress real estate plugins

2025-01-22 22:59

The RealHome theme and the Easy Real Estate plugins for WordPress are vulnerable to two critical...

Cloudflare CDN flaw leaks user location data, even through secure chat apps

2025-01-22 21:32

A security researcher discovered a flaw in Cloudflare's content delivery network (CDN),...

Trump 'waved a white flag to Chinese hackers' as Homeland Security axed cyber advisory boards

2025-01-22 21:30

And: America 'has never been less secure,' retired rear admiral tells Congress The Trump...

Telegram captcha tricks you into running malicious PowerShell scripts

2025-01-22 20:35

Threat actors on X are exploiting the news around Ross Ulbricht to direct unsuspecting users to...

Supply chain attack hits Chrome extensions, could expose millions

2025-01-22 19:45

Threat actor exploited phishing and OAuth abuse to inject malicious code Cybersecurity outfit...

Cisco warns of denial of service flaw with PoC exploit code

2025-01-22 18:47

Cisco has released security updates to patch a ClamAV denial-of-service (DoS) vulnerability,...

Stratoshark: Wireshark for the cloud – now available!

2025-01-22 18:19

Stratoshark is an innovative open-source tool that brings Wireshark’s detailed network...

Vulnerabilities by Risk level (Last 12 months)

Risk level    Count (last 12 months)
Critical      2516
High          7005
Medium        9988
Low           332

Vulnerabilities by Vendor (Last 12 months)

Vendor        Count (last 12 months)
Linux         2745
Google        662
Apple         592
Microsoft     476
Adobe         463

Latest Vulnerabilities

  • CVE-2024-13091

    9.8

    The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcld_wpcfb_file_upload' function in all versions up to, and...

    network
    low complexity
    CWE-434
    critical
  • CVE-2024-21245

    5.4

    Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Business Logic Infra SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily...

    network
    low complexity
  • CVE-2025-21489

    6.1

    Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Region Mapping). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable...

    network
    low complexity
  • CVE-2025-21490

    4.9

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable...

    network
    low complexity
  • CVE-2025-21491

    4.9

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable...

    network
    low complexity

Latest Critical Vulnerabilities

  • CVE-2024-13091

    9.8

    The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcld_wpcfb_file_upload' function in all versions up to, and...

    network
    low complexity
    CWE-434
    critical
  • CVE-2025-21524

    9.8

    Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily...

    network
    low complexity
    critical
  • CVE-2025-21535

    9.8

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable...

    network
    low complexity
    critical
  • CVE-2025-21547

    9.1

    Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.20, 5.6.25.8, 5.6.26.6 and...

    network
    low complexity
    critical
  • CVE-2025-21556

    9.9

    Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile Integration Services). The supported version that is affected is 9.3.6. Easily exploitable...

    network
    low complexity
    critical
  • CVE-2025-0585

    9.8

    The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

    network
    low complexity
    CWE-89
    critical
  • CVE-2024-38337

    9.1

    IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow an unauthorized attacker to retrieve or alter sensitive information contents due to incorrect...

    network
    low complexity
    CWE-732
    critical
  • CVE-2024-41783

    9.1

    IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow a privileged user to inject commands into the underlying operating system due to improper validation...

    network
    low complexity
    critical