![Thumbnail [200x250]](/static/build/img/vumetric-cybersecurity-news.jpg)
IDmission announces a 2FA upgrade path for access points
IDmission announced its Identity Management System (IDMS) to reduce unauthorized access to large...
Leaky S3 buckets have gotten so common that they're being found by the thousands now, with lots of buried secrets
When will this madness end? The massive amounts of exposed data on misconfigured AWS S3 storage...
Travelers Europe has enhanced its cyber insurance product
Travelers Europe has enhanced its cyber insurance product, Travelers CyberRisk, to provide more...
Hexagon acquires TACTICAWARE for 3D security surveillance capabilities
Hexagon AB, a global leader in sensor, software and autonomous solutions, announced the...
Cloudbeam enables private and secure connectivity to CSPs
Fatbeam released Cloudbeam, which connects businesses to their Cloud Service Providers (CSPs)....
Robocall Legal Advocate Leaks Customer Data
A California company that helps telemarketing firms avoid getting sued for violating a federal...
Vulnerabilities by Risk level (Last 12 months)
Vulnerabilities by Vendor (Last 12 months)
Latest Vulnerabilities
- 2020-08-03 21:15Unknown - Unspecified
A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
- 2020-08-03 21:15Unknown - Unspecified
A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
- 2020-08-03 20:15Unknown - Unspecified
Improper Access Control in Teltonika firmware TRB2_R_00.02.04.01 allows a low privileged user to perform unauthorized write operations.
- 2020-08-03 20:15Unknown - Unspecified
Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file.
- 2020-08-03 20:15Unknown - Unspecified
Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious backup archive.
Latest Critical Vulnerabilities
- 2020-07-29 19:15CWE-326 - Inadequate...
Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt.
- 2020-07-29 19:15CWE-78 - OS Command Injection
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by...
- 2020-07-29 14:15CWE-434 - Unrestricted...
OpenClinic GA 5.09.02 and 5.89.05b does not properly verify uploaded files, which may allow a low-privilege user to upload and execute arbitrary files on the system.
- 2020-07-29 13:15CWE-79 - Cross-site Scripting
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a dom-based cross-site scripting vulnerability. Successful exploitation could lead to arbitrary code execution.
- 2020-07-28 21:15CWE-434 - Unrestricted...
Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file.
- 2020-07-28 17:15CWE-749 - Exposed...
This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability....
- 2020-07-28 17:15CWE-78 - OS Command Injection
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability....
- 2020-07-28 17:15CWE-78 - OS Command Injection
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability....