IKEA Hit by Email Reply-Chain Cyberattack
As of Friday - as in, shopping-on-steroids Black Friday - retail titan IKEA was wrestling with a...
Researchers Flag 300K Banking Trojan Infections from Google Play in 4 Months
Overcoming Google Play app restrictions, attackers have successfully racked up more than 300,000...
Dark web market Cannazon shuts down after massive DDoS attack
Cannazon, one of the largest dark web marketplaces for buying marijuana products, shut down last...
Unpatched Windows Zero-Day Allows Privileged File Access
In a proof-of-concept exploit, he demonstrated that it's possible to copy files from a...
Shape-Shifting ‘Tardigrade’ Malware Hits Vaccine Makers
An APT has attacked two separate vaccine manufacturers this year using a shape-shifting malware...
Stealthy WIRTE hackers target governments in the Middle East
A stealthy hacking group named WIRTE has been linked to a government-targeting campaign...
Vulnerabilities by Risk level (Last 12 months)
Vulnerabilities by Vendor (Last 12 months)
| Vendor | Last 12 months | # |
| 1266 | ||
| Microsoft | 988 | |
| Fedoraproject | 695 | |
| Oracle | 650 | |
| Cisco | 626 |
Latest Vulnerabilities
-
CVE-2021-36843 - Cross-site Scripting vulnerability in Acurax Floating Social Media Icon
3.5Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Floating Social Media Icon plugin (versions <= 4.3.5) Social Media Configuration form. Requires high role user...
-
CVE-2021-36919 - Cross-site Scripting vulnerability in Awesomesupport Awesome Support Wordpress Helpdesk & Support
3.5Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin (versions <= 6.0.6), vulnerable parameters (&id, &assignee).
-
CVE-2021-36916 - SQL Injection vulnerability in Wpwave Hide MY WP 6.2.3
7.5The SQL injection vulnerability in the Hide My WP WordPress plugin (versions <= 6.2.3) is possible because of how the IP address is retrieved and used inside a SQL query. The function...
-
CVE-2021-36917 - Exposure of Resource to Wrong Sphere vulnerability in Wpwave Hide MY WP 6.2.3
5.0WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin.
-
CVE-2021-38873 - Injection vulnerability in IBM Planning Analytics 2.0
9.3IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM...
Latest Critical Vulnerabilities
-
CVE-2021-38873 - Injection vulnerability in IBM Planning Analytics 2.0
9.3IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM...
-
CVE-2021-36313 - OS Command Injection vulnerability in Dell Cloudlink
9.0Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to the execution...
-
CVE-2021-43019 - Improper Access Control vulnerability in Adobe Creative Cloud Desktop Application
9.3Adobe Creative Cloud version 5.5 (and earlier) are affected by a privilege escalation vulnerability in the resources leveraged by the Setup.exe service. An unauthenticated attacker could leverage...
-
CVE-2021-37102 - Command Injection vulnerability in Huawei Fusioncompute
9.0There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external...
-
CVE-2021-42738 - Access of Memory Location After End of Buffer vulnerability in Adobe Prelude 10.1/9.0/9.0.1
9.3Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the...
-
CVE-2021-43015 - Access of Memory Location After End of Buffer vulnerability in Adobe Incopy 15.1.3/16.0
9.3Adobe InCopy version 16.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the...
-
CVE-2021-26614 - Unspecified vulnerability in Iptime C200 Firmware 1.0.12
10.0ius_get.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send a crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell command.
-
CVE-2021-36306 - Improper Authentication vulnerability in Dell Networking Os10
9.3Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to...