Amazon textbook rental service scammed for $1.5m
From January 2016 through March 2021, according to the indictment, Talsma rented textbooks from...
Friday Squid Blogging: New Giant Squid Video
New video of a large squid in the Red Sea at about 2,800 feet.
As usual, you can also...
The Week in Ransomware - October 15th 2021 - Disrupting ransoms
October 11th 2021 Pacific City Bank discloses ransomware attack claimed by AvosLocker.
...
TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates
The development also speaks to the TrickBot gang's increasing sophistication and standing in...
Missouri Vows to Prosecute ‘Hacker’ Who Informed State About Data Leak
The St. Louis Post-Dispatch newspaper recently found a huge security blunder: The Missouri...
US links $5.2 billion worth of Bitcoin transactions to ransomware
Based on blockchain analysis of transactions tied to the 177 CVC wallets, FinCEN identified...
LANtenna hack spies on your data from across the room! (Sort of)
Mordechai Guri from the abovementioned Ben Gurion University of the Negev in Israel has recently...
Vulnerabilities by Risk level (Last 12 months)
Vulnerabilities by Vendor (Last 12 months)
| Vendor | Last 12 months | # |
| 1266 | ||
| Microsoft | 988 | |
| Fedoraproject | 695 | |
| Oracle | 650 | |
| Cisco | 626 |
Latest Vulnerabilities
-
CVE-2021-40541 - Cross-site Scripting vulnerability in PHP-Fusion PHPfusion 9.03.110
4.3PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in descript() function An authenticated user can trigger XSS by appending "//" in the...
-
CVE-2021-24545 - Cross-site Scripting vulnerability in WP Html Author BIO Project WP Html Author BIO
3.5The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitise the HTML allowed in the Bio of users, allowing them to use malicious JavaScript code, which will be executed when anyone...
-
CVE-2021-24546 - Code Injection vulnerability in Extendify Editorskit
6.5The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role...
-
CVE-2021-24563
4.3The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing...
networkCWE-79 -
CVE-2021-24577 - Cross-site Scripting vulnerability in Wpdevart Coming Soon and Maintenance Mode
3.5The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not properly sanitize inputs submitted by authenticated users when setting adding or modifying coming soon or maintenance...
Latest Critical Vulnerabilities
-
CVE-2021-42071 - OS Command Injection vulnerability in Visual-Tools DVR Vx16 Firmware 4.2.28.0
10.0In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header.
-
CVE-2021-1594 - Command Injection vulnerability in Cisco Identity Services Engine
9.3A vulnerability in the REST API of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. This...
-
CVE-2021-34710 - Command Injection vulnerability in Cisco products
9.0Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a...
-
CVE-2021-34748 - Command Injection vulnerability in Cisco Intersight Virtual Appliance 1.0.9150/1.0.9230/1.0.9292
9.0A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected...
-
CVE-2021-29908 - Improper Authentication vulnerability in IBM Ts7700 Firmware 8.51.0.63/8.51.1.26/8.52.100.32
10.0The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a specially-crafted URL, an attacker may gain administrative access to the Management Interface without...
-
CVE-2021-23857 - Improper Authentication vulnerability in Bosch products
10.0Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker...
-
CVE-2021-32762 - Integer Overflow to Buffer Overflow vulnerability in multiple products
9.0Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted...
-
CVE-2021-38096 - Out-of-bounds Write vulnerability in Corel PDF Fusion 2.6.2.0
9.3Coreip.dll in Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve...