Research Shows Many Security Products Fail to Detect Android Malware Variants
A group of academic researchers has created a tool that can be used to clone Android malware and...
Peloton's $3,000 treadmill now comes with surprise 'subscription fee'
Peloton has now introduced a $39.99 monthly subscription fee for its high-end treadmill product...
US Air Force announces plan to assassinate molluscs with hypersonic missile
No word on whether top brass considered just shelling them into submission The United States Air...
To CAPTCHA or not to CAPTCHA? Gartner analyst says OK — but don’t be robotic about it
Picking street signs from a matrix of images is out, cleverer challenges are OK Poll Analyst...
Malicious PyPI packages hijack dev devices to mine cryptocurrency
This week, multiple malicious packages were caught in the PyPI repository for Python projects...
Best practices for IT teams to prevent ransomware attacks
According to Check Point research, the number of organizations affected by ransomware has been...
Driving network transformation with unified communications
Unified communications (UC) has become a significant part of an organization’s digital...
Vulnerabilities by Risk level (Last 12 months)
Vulnerabilities by Vendor (Last 12 months)
| Vendor | Last 12 months | # |
| 1224 | ||
| Microsoft | 1223 | |
| Cisco | 748 | |
| Oracle | 744 | |
| Fedoraproject | 733 |
Latest Vulnerabilities
-
CVE-2010-1432
0.0Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions...
-
CVE-2010-1433
0.0Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability...
-
CVE-2010-1434
0.0Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hijack an arbitrary session and gain access to sensitive information, which may help in launching...
-
CVE-2010-1435
0.0Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the...
-
CVE-2021-35196
0.0** DISPUTED ** Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the...
Latest Critical Vulnerabilities
-
CVE-2021-0324 - Unspecified vulnerability in Google Android
10.0Product: AndroidVersions: Android SoCAndroid ID: A-175402462
-
CVE-2021-0474 - Out-Of-Bounds Write vulnerability in Google Android
10.0In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed....
-
CVE-2021-0481 - Improper Privilege Management vulnerability in Google Android
9.3In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. This could lead to local escalation of privilege with no...
-
CVE-2021-31928 - Improper Privilege Management vulnerability in Annexcloud Loyalty Experience Platform
9.0Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to escalate privileges to superadministrator. It was fixed in v2021.1.0.2.
-
CVE-2021-20081 - Improper Input Validation vulnerability in Zohocorp Manageengine Servicedesk Plus 8.1/8.2/9.0
9.0Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges.
-
CVE-2021-33393 - Unspecified vulnerability in Ipfire
9.0lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used...
-
CVE-2021-33356 - Improper Privilege Management vulnerability in Raspap
9.0Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote attacker to inject arbitrary commands to /installers/common.sh component that can result in...
-
CVE-2021-33358 - OS Command Injection vulnerability in Raspap
9.0Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";"...