Greece’s Land Registry agency breached in wave of 400 cyberattacks

2024-07-22 22:46

The Land Registry agency in Greece has announced that it suffered a limited-scope data breach...

Google rolls back decision to kill third-party cookies in Chrome

2024-07-22 22:23

Google has scrapped its plan to kill third-party cookies in Chrome and will instead introduce a...

Global cops power down world's 'most prolific' DDoS dealership

2024-07-22 20:15

A DDoS-for-hire site described by the UK's National Crime Agency as the world's most...

US sanctions Russian hacktivists who breached water facilities

2024-07-22 18:16

The US government has imposed sanctions on two Russian cybercriminals for cyberattacks targeting...

LA County Superior Court closes doors to reboot justice after ransomware attack

2024-07-22 17:15

Some rest for the wicked? Los Angeles County Superior Court, the largest trial court in America,...

New Play ransomware Linux version targets VMware ESXi VMs

2024-07-22 17:01

Play ransomware is the latest ransomware gang to start deploying a dedicated locker for...

Cybercrooks crafting solo careers in wake of ransomware takedowns

2024-07-22 16:33

More baddies go it alone as trust in big gangs withers, claims Europol. A fresh report from...

Vulnerabilities by Risk level (Last 12 months)

Risk level Last 12 months #
Critical 3363
High 8214
Medium 10018
Low 341

Vulnerabilities by Vendor (Last 12 months)

Vendor Last 12 months #
Google 1049
Microsoft 826
Adobe 618
Linux 477
Fedoraproject 449

Latest Vulnerabilities

  • CVE-2024-6497

    8.8

    The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 12.3.19 due to insufficient input...

    network
    low complexity
  • CVE-2024-6635

    7.3

    The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.3. This is due to insufficient controls in the...

    network
    low complexity
  • CVE-2024-6636

    9.8

    The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woo_slg_login_email' function in all versions up...

    network
    low complexity
    critical
  • CVE-2024-6637

    7.3

    The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege escalation in all versions up to, and including, 2.7.3. This is due to a lack of brute force controls...

    network
    low complexity
  • CVE-2024-6489

    5.3

    The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_google_api_key function in all versions up to,...

    network
    low complexity

Latest Critical Vulnerabilities

  • CVE-2024-6636

    9.8

    The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woo_slg_login_email' function in all versions up...

    network
    low complexity
    critical
  • CVE-2024-6205 - SQL Injection vulnerability in Payplus Payment Gateway

    9.8

    The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to...

    network
    low complexity
    payplus CWE-89
    critical
  • CVE-2024-0857

    9.8

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Universal Software Inc. FlexWater Corporate Water Management allows SQL Injection. This issue...

    network
    low complexity
    CWE-89
    critical
  • CVE-2024-5618

    9.9

    Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Properly Constrained by ACLs. This issue...

    network
    low complexity
    CWE-732
    critical
  • CVE-2024-5619

    9.6

    Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer Management Console allows Exploiting Incorrectly Configured Access Control Security Levels. This...

    network
    low complexity
    CWE-639
    critical
  • CVE-2024-23466

    9.6

    SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the...

    low complexity
    CWE-22
    critical
  • CVE-2024-23467

    9.6

    The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform remote code execution.

    low complexity
    CWE-22
    critical
  • CVE-2024-23469

    9.6

    SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the actions with SYSTEM...

    low complexity
    CWE-20
    critical