Week in review: JetBrains GitHub plugin vulnerability, 20k FortiGate appliances compromised

2024-06-16 08:00

Users of JetBrains IDEs at risk of GitHub access token compromise: JetBrains has fixed a critical...

U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain

2024-06-16 04:31

Law enforcement authorities have allegedly arrested a key member of the notorious cybercrime...

New Linux malware is controlled through emojis sent from Discord

2024-06-15 17:08

A newly discovered Linux malware dubbed 'DISGOMOJI' uses the novel approach of utilizing...

ASUS warns of critical remote authentication bypass on 7 routers

2024-06-15 15:17

ASUS has released a new firmware update that addresses a vulnerability impacting seven router...

Microsoft: New Outlook security changes coming to personal accounts

2024-06-15 14:12

Microsoft has announced new cybersecurity enhancements for Outlook personal email accounts as...

Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan

2024-06-15 09:51

Pakistan has become the latest target of a threat actor called the Smishing Triad, marking the...

Pakistani Hackers Use DISGOMOJI Malware in Indian Government Cyber Attacks

2024-06-15 08:13

A suspected Pakistan-based threat actor has been linked to a cyber espionage campaign targeting...

Vulnerabilities by Risk level (Last 12 months)

Risk level    Count (last 12 months)
Critical       3569
High           8626
Medium        10525
Low             349

Vulnerabilities by Vendor (Last 12 months)

Vendor        Count (last 12 months)
Google         1149
Microsoft       774
Adobe           531
Linux           471
Apple           463

Latest Vulnerabilities

  • CVE-2024-5611 (score 6.4; attack vector: network; attack complexity: low)
    The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘label_years’ attribute within the Countdown widget in all versions up to, and including,...

  • CVE-2024-2695 (score 6.4; attack vector: network; attack complexity: low)
    The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input...

  • CVE-2024-3105 (score 9.9, critical; attack vector: network; attack complexity: low)
    The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php'...

  • CVE-2024-4095 (score 6.4; attack vector: network; attack complexity: low)
    The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' and 'expandsub' shortcode in all versions up to, and including, 1.8.5.7 due to...

  • CVE-2024-4258 (score 9.8, critical; attack vector: network; attack complexity: low)
    The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter....

Latest Critical Vulnerabilities

  • CVE-2024-3105 (score 9.9, critical; attack vector: network; attack complexity: low)
    The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php'...

  • CVE-2024-4258 (score 9.8, critical; attack vector: network; attack complexity: low)
    The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter....

  • CVE-2024-5871 (score 9.8, critical; attack vector: network; attack complexity: low)
    The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the...

  • CVE-2024-2472 (score 9.1, critical; attack vector: network; attack complexity: low)
    The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer'...

  • CVE-2024-3912 (score 9.8, critical; attack vector: network; attack complexity: low; CWE-434)
    Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device.

  • CVE-2024-5577 (score 9.8, critical; attack vector: network; attack complexity: low)
    The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version <= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file. This...

  • CVE-2024-4936 (score 9.8, critical; attack vector: network; attack complexity: low)
    The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to...

  • CVE-2024-3080 (score 9.8, critical; attack vector: network; attack complexity: low; CWE-287)
    Certain ASUS router models have an authentication bypass vulnerability, allowing unauthenticated remote attackers to log in to the device.