22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks
22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks

22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks

2024-04-19 15:27

Approximately 22,500 exposed Palo Alto GlobalProtect firewall devices are likely vulnerable to...

WhatsApp, Threads, more banished from Apple App Store in China

WhatsApp, Threads, more banished from Apple App Store in China

2024-04-19 14:30

Advertising presented to you on this service can be based on limited data, such as the website...

BlackTech Targets Tech, Research, and Gov Sectors New 'Deuterbear' Tool

BlackTech Targets Tech, Research, and Gov Sectors New 'Deuterbear' Tool

2024-04-19 13:44

Technology, research, and government sectors in the Asia-Pacific region have been targeted by a...

Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware!

Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware!

2024-04-19 12:43

More organizations hit by ransomware gangs are starting to realize that it doesn't pay to...

Cybercriminals threaten to leak all 5 million records from stolen database of high-risk individuals

Cybercriminals threaten to leak all 5 million records from stolen database of high-risk individuals

2024-04-19 11:28

Your profile can be used to present content that appears more relevant based on your possible...

How Attackers Can Own a Business Without Touching the Endpoint

How Attackers Can Own a Business Without Touching the Endpoint

2024-04-19 11:08

Attackers are increasingly making use of “networkless” attack techniques targeting cloud apps...

Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers

Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers

2024-04-19 11:01

Threat actors behind the Akira ransomware group have extorted approximately $42 million in...

Vulnerabilities by Risk level (Last 12 months)

Risk level Last 12 months #
Critical 4079
High 9775
Medium 11576
Low 394

Vulnerabilities by Vendor (Last 12 months)

Vendor Last 12 months #
Google 1322
Microsoft 829
Fedoraproject 536
Apple 531
Adobe 515

Latest Vulnerabilities

  • CVE-2024-29986

    5.4

    Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability

    network
    low complexity
    5.4

  • CVE-2024-29003

    7.5

    The SolarWinds Platform was susceptible to a XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction.

    low complexity
    CWE-79
    7.5

  • CVE-2024-28076

    7.0

    The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the...

    high complexity
    CWE-601
    7.0

  • CVE-2023-39367

    9.1

    An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command...

    network
    low complexity
    CWE-78
    critical
    9.1

  • CVE-2023-40146

    6.8

    A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape...

    low complexity
    CWE-77
    6.8

Latest Critical Vulnerabilities

  • CVE-2023-39367

    9.1

    An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command...

    network
    low complexity
    CWE-78
    critical
    9.1

  • CVE-2024-20997

    9.9

    Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4....

    network
    low complexity
    critical
    9.9

  • CVE-2024-21010

    9.9

    Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4....

    network
    low complexity
    critical
    9.9

  • CVE-2024-21014

    9.8

    Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4....

    network
    low complexity
    critical
    9.8

  • CVE-2024-21071

    9.1

    Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable...

    network
    low complexity
    critical
    9.1

  • CVE-2024-21082

    9.8

    Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability...

    network
    low complexity
    critical
    9.8

  • CVE-2024-3777

    9.8

    The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password.

    network
    low complexity
    CWE-284
    critical
    9.8

  • CVE-2024-3400 - Command Injection vulnerability in Paloaltonetworks Pan-Os 10.2.0/11.0.0/11.1.0

    10.0

    A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature...

    network
    low complexity
    paloaltonetworks CWE-77
    critical
    10