My TedXBillings Talk

2024-09-13 18:02

Over the summer, I gave a talk about AI and democracy at TedXBillings. The recording is...

Ivanti warns high severity CSA flaw is now exploited in attacks

2024-09-13 17:39

Ivanti confirmed on Friday that a high severity vulnerability in its Cloud Services Appliance...

New Linux malware Hadooken targets Oracle WebLogic servers

2024-09-13 17:05

Hackers are targeting Oracle WebLogic servers to infect them with a new Linux malware named...

RansomHub claims Kawasaki cyberattack, threatens to leak stolen data

2024-09-13 15:26

Kawasaki Motors Europe has announced that it's recovering from a cyberattack that caused...

Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers

2024-09-13 13:51

Details have emerged about a now-patched security flaw impacting Apple's Vision Pro mixed...

17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London

2024-09-13 13:29

British authorities on Thursday announced the arrest of a 17-year-old male in connection with a...

TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud

2024-09-13 11:17

Cybersecurity researchers have uncovered a new variant of an Android banking trojan called...

Vulnerabilities by Risk level (Last 12 months)

Risk level    Count (last 12 months)
Critical      3244
High          7883
Medium        9761
Low            332

Vulnerabilities by Vendor (Last 12 months)

Vendor        Count (last 12 months)
Linux          946
Google         819
Microsoft      734
Adobe          659
Apple          404

Latest Vulnerabilities

  • CVE-2024-45383 (score 5.0)
    A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800). A specially crafted...
    Tags: local, low complexity, CWE-664

  • CVE-2024-28990 (score 6.3)
    SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ...
    Tags: low complexity, CWE-798

  • CVE-2024-28991 (score 9.0)
    SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the...
    Tags: low complexity, CWE-502, critical

  • CVE-2024-8522 (score 10.0)
    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions...
    Tags: network, low complexity, CWE-89, critical

  • CVE-2024-8529 (score 10.0)
    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all...
    Tags: network, low complexity, CWE-89, critical

Latest Critical Vulnerabilities

  • CVE-2024-28991 (score 9.0)
    SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the...
    Tags: low complexity, CWE-502, critical

  • CVE-2024-8522 (score 10.0)
    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions...
    Tags: network, low complexity, CWE-89, critical

  • CVE-2024-8529 (score 10.0)
    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all...
    Tags: network, low complexity, CWE-89, critical

  • CVE-2024-29847 - Deserialization of Untrusted Data vulnerability in Ivanti Endpoint Manager (score 9.8)
    Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update, allows a remote unauthenticated attacker to achieve remote code execution.
    Tags: network, low complexity, ivanti, CWE-502, critical

  • CVE-2019-25212 (score 9.1)
    The video carousel slider with lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.6 due to insufficient escaping on the...
    Tags: network, low complexity, CWE-89, critical

  • CVE-2024-8277 (score 9.8)
    The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2. This is due to the plugin not properly validating...
    Tags: network, low complexity, CWE-288, critical

  • CVE-2024-8191 - SQL Injection vulnerability in Ivanti Endpoint Manager (score 9.8)
    SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update, allows a remote unauthenticated attacker to achieve remote code execution.
    Tags: network, low complexity, ivanti, CWE-89, critical

  • CVE-2024-38220 (score 9.0)
    Azure Stack Hub Elevation of Privilege Vulnerability
    Tags: network, low complexity, CWE-284, critical