Why organizations shouldn’t fold to cybercriminal requests
Organizations worldwide pay ransomware fees instead of implementing solutions to protect...
In uncertain times, organizations prioritize tech skills development
Though 65% of tech team leaders have been asked to cut costs, 72% still plan to increase their...
Uncle Sam reveals it sent cyber-soldiers to Albania to hunt for Iranian threats
US Cyber Command operators have confirmed they carried out an online defensive mission in...
Microsoft Teams, Virtualbox, Tesla zero-days exploited at Pwn2Own
Competitors successfully exploited zero-day bugs in multiple products during the second day of...
BlackGuard stealer now targets 57 crypto wallets, extensions
A new variant of the BlackGuard stealer has been spotted in the wild, featuring new capabilities...
Critical infrastructure gear is full of flaws, but hey, at least it's certified
Devices used in critical infrastructure are riddled with vulnerabilities that can cause denial...
WordPress force patching WooCommerce plugin with 500K installs
Automattic, the company behind the WordPress content management system, is force installing a...
Vulnerabilities by Risk level (Last 12 months)
Vulnerabilities by Vendor (Last 12 months)
| Vendor | Last 12 months | # |
| 1488 | ||
| Microsoft | 898 | |
| Fedoraproject | 724 | |
| Debian | 704 | |
| Apple | 468 |
Latest Vulnerabilities
-
CVE-2023-26359
9.8Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code...
-
CVE-2023-26360
8.6Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the...
-
CVE-2023-26361
4.9Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')...
-
CVE-2022-4224
8.8In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.
-
CVE-2018-25048
8.8The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.
Latest Critical Vulnerabilities
-
CVE-2023-26359
9.8Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code...
-
CVE-2022-22512
9.1Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network.
-
CVE-2023-1537 - Authentication Bypass by Capture-replay vulnerability in Answer
9.8Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6.
-
CVE-2012-10009 - SQL Injection vulnerability in 404Like Project 404Like
9.8A vulnerability was found in 404like Plugin up to 1.0.2. It has been classified as critical. Affected is the function checkPage of the file 404Like.php. The manipulation of the argument searchWord...
-
CVE-2022-43663 - Incorrect Type Conversion or Cast vulnerability in Wellintech Kinghistorian 35.01.00.05
9.8An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a buffer overflow....
-
CVE-2023-1506 - SQL Injection vulnerability in E-Commerce System Project E-Commerce System 1.0
9.8A vulnerability, which was classified as critical, was found in SourceCodester E-Commerce System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument...
-
CVE-2023-1502 - SQL Injection vulnerability in Alphaware - Simple E-Commerce System Project Alphaware - Simple E-Commerce System 1.0
9.8A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file...
-
CVE-2023-1503 - SQL Injection vulnerability in Alphaware - Simple E-Commerce System Project Alphaware - Simple E-Commerce System 1.0
9.8A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file admin/admin_index.php. The manipulation of...