Friday Squid Blogging: Sunscreen from Squid Pigments
About Bruce Schneier: I am a public-interest technologist, working at the intersection of...
Crypto exchange Gemini discloses third-party data breach
Cryptocurrency exchange Gemini is warning it suffered a data breach incident caused by a...
Google fixes Chrome Password Manager bug that hides credentials
Google has fixed a bug in Chrome's Password Manager that caused user credentials to...
FBCS data breach impact now reaches 4.2 million people
Debt collection agency Financial Business and Consumer Solutions has again increased the number...
CrowdStrike meets Murphy's Law: Anything that can go wrong will
Opinion CrowdStrike's recent Windows debacle will surely earn a prominent place in the...
July Windows Server updates break Remote Desktop connections
Acronis warns of Cyber Infrastructure default password abused in attacks
Acronis warned customers to patch a critical Cyber Infrastructure security flaw that lets...
Vulnerabilities by Risk level (Last 12 months)

Vulnerabilities by Vendor (Last 12 months)

| Vendor | Last 12 months |
|---|---|
| | 1049 |
| Microsoft | 826 |
| Adobe | 619 |
| Linux | 509 |
| Fedoraproject | 449 |
Latest Vulnerabilities

- CVE-2024-6589 (CVSS 8.8; network, low complexity): The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.6.8.2 via the 'render_content_block_template' function....
- CVE-2024-22444 (CVSS 6.1): A vulnerability within the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user...
- CVE-2024-31970 (CVSS 8.8; network, low complexity): AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have SSH enabled by default, accessible both over the LAN and the Internet. During a window of time...
- CVE-2024-36541 - Incorrect Default Permissions vulnerability in Kube-Logging Logging-Operator 4.6.0 (CVSS 8.8): Insecure permissions in logging-operator v4.6.0 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token.
Latest Critical Vulnerabilities

- CVE-2024-40422 - Path Traversal vulnerability in Stitionai Devika 1.0 (CVSS 9.1): The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshot_path parameter to...
- CVE-2024-41914 (CVSS 9.0): A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against...
- CVE-2024-38164 (CVSS 9.6): An improper access control vulnerability in GroupMe allows an unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.
- CVE-2024-41319 - Command Injection vulnerability in Totolink A6000R Firmware 1.0.1B20201211.2000 (CVSS 9.8): TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function.
- CVE-2024-26020 (CVSS 9.6): An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to arbitrary code execution. An attacker can send...
- CVE-2024-37391 - Unspecified vulnerability in Proton Protonvpn (CVSS 9.8): ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss.
- CVE-2024-41703 - Unspecified vulnerability in Librechat 0.7.4 (CVSS 9.8): LibreChat through 0.7.4-rc1 has incorrect access control for message updates. (Work on a fixed version release has started in PR 3363.)
- CVE-2024-41704 - Path Traversal vulnerability in Librechat 0.7.4 (CVSS 9.8): LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. (Work on a fixed version release has started in PR 3363.)