Nearly 10 years after Data and Goliath, Bruce Schneier says: Privacy’s still screwed

2025-02-15 15:44

'In 50 years, I think we'll view these business practices like we view sweatshops...

Microsoft: Hackers steal emails in device code phishing attacks

2025-02-15 15:22

An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365...

Android's New Feature Blocks Fraudsters from Sideloading Apps During Calls

2025-02-15 10:26

Google is working on a new security feature for Android that blocks device owners from changing...

If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish

2025-02-15 00:02

Roses aren't cheap, violets are dear, now all your access token are belong to Vladimir...

SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN

2025-02-14 22:53

Roses are red, violets are blue, CVE-2024-53704 is perfect for a ransomware crew. Miscreants are...

Hackers exploit authentication bypass in Palo Alto Networks PAN-OS

2025-02-14 21:20

Hackers are launching attacks against Palo Alto Networks PAN-OS firewalls by exploiting a...

New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution

2025-02-14 18:42

Cybersecurity researchers have disclosed a new type of name confusion attack called whoAMI that...

Vulnerabilities by Risk level (Last 12 months)

Risk level | Vulnerabilities (last 12 months)
Critical | 2311
High | 6912
Medium | 10296
Low | 372

Vulnerabilities by Vendor (Last 12 months)

Vendor | Vulnerabilities (last 12 months)
Linux | 2865
Google | 628
Apple | 554
Microsoft | 523
Adobe | 481

Latest Vulnerabilities

  • CVE-2025-21401

    4.5

    Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

    local
    high complexity
    CWE-601
  • CVE-2024-56463

    4.8

    IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...

    network
    low complexity
    CWE-79
  • CVE-2024-52895

    6.5

    IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact...

    network
    low complexity
    CWE-754
  • CVE-2024-56477

    6.5

    IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot...

    network
    low complexity
    CWE-22
  • CVE-2024-12651

    8.5

    Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables. This issue affects HGS Mobile App: before 6.5.0.

    network
    low complexity
    CWE-749

Latest Critical Vulnerabilities

  • CVE-2024-13152

    10.0

    Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection. This issue affects Mobuy Online Machinery...

    network
    low complexity
    CWE-566
    critical
  • CVE-2024-13182

    9.8

    The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.5. This is due to incorrect authentication in the...

    network
    low complexity
    CWE-288
    critical
  • CVE-2024-10763

    9.8

    The Campress theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.35 via the 'campress_woocommerce_get_ajax_products' function. This makes it possible...

    network
    low complexity
    CWE-22
    critical
  • CVE-2025-25349 - SQL Injection vulnerability in PHPgurukul Daily Expense Tracker System 1.1

    9.8

    PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the costitem parameter.

    network
    low complexity
    phpgurukul CWE-89
    critical
  • CVE-2025-25351 - SQL Injection vulnerability in PHPgurukul Daily Expense Tracker System 1.1

    9.8

    PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the dateexpense parameter.

    network
    low complexity
    phpgurukul CWE-89
    critical
  • CVE-2024-10960

    9.9

    The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including,...

    network
    low complexity
    CWE-434
    critical
  • CVE-2024-12213

    9.8

    The WP Job Board Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.76. This is due to the plugin allowing a user to supply the 'role' field...

    network
    low complexity
    CWE-266
    critical
  • CVE-2024-13421

    9.8

    The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not properly restricting the roles...

    network
    low complexity
    CWE-266
    critical