Korea arrests CEO for adding DDoS feature to satellite receivers

2024-12-02 21:11

South Korean police have arrested a CEO and five employees for manufacturing over 240,000...

Russia sentences Hydra dark web market leader to life in prison

2024-12-02 19:40

Russian authorities have sentenced the leader of the criminal group behind the now-closed dark...

The shocking speed of AWS key exploitation

2024-12-02 19:16

It’s no secret that developers often inadvertently expose AWS access keys online and we know...

BootKitty UEFI malware exploits LogoFAIL to infect Linux systems

2024-12-02 18:07

The recently uncovered 'Bootkitty' UEFI bootkit, the first malware of its kind targeting...

Discover the future of Linux security

2024-12-02 14:45

Explore open source strategies to safeguard critical systems and data. Webinar: Linux security is...

A Guide to Securing AI App Development: Join This Cybersecurity Webinar

2024-12-02 14:11

Artificial Intelligence (AI) is no longer a far-off dream—it’s here, changing the way we live....

SmokeLoader Malware Resurfaces, Targeting Manufacturing and IT in Taiwan

2024-12-02 14:01

Taiwanese entities in manufacturing, healthcare, and information technology sectors have become...

Vulnerabilities by Risk level (Last 12 months)

Risk level    Count (last 12 months)
Critical      2600
High          6322
Medium        8372
Low           275

Vulnerabilities by Vendor (Last 12 months)

Vendor        Count (last 12 months)
Linux         1855
Google        534
Microsoft     428
Apple         380
IBM           318

Latest Vulnerabilities

  • CVE-2024-11252

    6.1

    The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including,...

    network
    low complexity
    CWE-79
  • CVE-2024-49803

    9.8

    IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

    network
    low complexity
    CWE-78
    critical
  • CVE-2024-49804

    7.8

    IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform...

    local
    low complexity
    CWE-250
  • CVE-2024-49805

    9.4

    IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound...

    network
    low complexity
    CWE-798
    critical
  • CVE-2024-49806

    9.4

    IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound...

    network
    low complexity
    CWE-798
    critical

Latest Critical Vulnerabilities

  • CVE-2024-49803

    9.8

    IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

    network
    low complexity
    CWE-78
    critical
  • CVE-2024-49805

    9.4

    IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound...

    network
    low complexity
    CWE-798
    critical
  • CVE-2024-49806

    9.4

    IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound...

    network
    low complexity
    CWE-798
    critical
  • CVE-2024-11103

    9.8

    The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due to the plugin not properly validating...

    network
    low complexity
    CWE-640
    critical
  • CVE-2024-49038

    9.3

    Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.

    network
    low complexity
    CWE-79
    critical
  • CVE-2017-11076

    9.8

    On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder.

    network
    low complexity
    CWE-823
    critical
  • CVE-2017-17772

    9.8

    In multiple functions that process 802.11 frames, out-of-bounds reads can occur due to insufficient validation.

    network
    low complexity
    CWE-126
    critical
  • CVE-2018-11922

    9.8

    Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.

    network
    low complexity
    CWE-16
    critical